OCDAV Service Configuration

Introduction

The ocDAV service is responsible for translating ownCloud flavoured WebDAV into CS3 API calls. Note that previews (thumbnails) are provided by the WebDAV service. For more details on CS3 see the REVA and CS3 description in the Architecture and Concepts section.

Sequence Diagram

General View

A PROPFIND request reaches a storage provider as shown in the image below. While this is a simplification to get an understanding of what needs to go where, there are several places where sharding (splitting and distributing) can happen.

mermaid ocdav 1

Proxy-based User Routing

The Infinite Scale proxy authenticates requests and can forward requests to different backends, depending on the logged-in user or cookies. For example, multiple ocdav services can be configured to shard users, based on username or affiliation.

mermaid ocdav 2

Gateway-based Path or Storage Provider ID-based Routing

The CS3 gateway acts as a facade to multiple storage providers that can be configured with the storage registry.

mermaid ocdav 3

PROPFIND Request Against Old Webdav Endpoints

The old endpoint, with a username and a path relative to the user’s home, looks like this: /dav/files/{username}

To route a PROPFIND request against the old webdav endpoints like /dav/files/username, ocdav first has to build a CS3 namespace prefix that points to the user’s home, e.g. /users/{{.Id.OpaqueId}}.

mermaid ocdav 4
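The namespace prefix step described above, as an added example that is not ocdav's own code: it renders the `/users/{{.Id.OpaqueId}}` template with Go's text/template and rejects request paths that would leave the resulting namespace. The `User` and `UserID` types and the `JailPath` function are hypothetical stand-ins for the CS3 user object and the service's handler.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
	"text/template"
)

// UserID and User are hypothetical stand-ins for the CS3 user object; only the
// field used by the default template (.Id.OpaqueId) is modelled.
type UserID struct{ OpaqueId string }
type User struct{ Id UserID }

// JailPath renders the namespace template for u and places rel (the part of
// the URL after /dav/files/{username}) inside that namespace.
func JailPath(nsTemplate string, u User, rel string) (string, error) {
	tpl, err := template.New("ns").Parse(nsTemplate)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	if err := tpl.Execute(&b, u); err != nil {
		return "", err
	}
	ns := path.Clean("/" + b.String())
	full := path.Join(ns, rel) // Join resolves "." and ".." segments
	// Compare against "ns/" so a sibling such as /users/alice2 does not match /users/alice.
	prefix := strings.TrimSuffix(ns, "/") + "/"
	if full != ns && !strings.HasPrefix(full, prefix) {
		return "", errors.New("path escapes namespace " + ns)
	}
	return full, nil
}

func main() {
	u := User{Id: UserID{OpaqueId: "4c510ada-c86b-4815-8820-42cdf82c3d51"}} // constructed sample ID
	for _, rel := range []string{"Documents/report.odt", "", "../other-user/secret.txt"} {
		p, err := JailPath("/users/{{.Id.OpaqueId}}", u, rel)
		fmt.Printf("%q -> %q err=%v\n", rel, p, err)
	}
}
```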

Handling Legacy Global Namespace Webdav Endpoints

Infinite Scale uses a path-based lookup, instead of looking up the current user’s home using the user ID and a space type filter, because there are deployments that use a global namespace at the legacy /webdav endpoint. To support these use cases, the gateway allows looking up spaces using their mount path.

mermaid ocdav 5

Configuration

Environment Variables

The ocdav extension is configured via the following environment variables:

Environment variables for the ocdav service

| Name | Type | Default Value | Description |
|---|---|---|---|
| OCIS_TRACING_ENABLED, OCDAV_TRACING_ENABLED | bool | false | Activates tracing. |
| OCIS_TRACING_TYPE, OCDAV_TRACING_TYPE | string | | The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
| OCIS_TRACING_ENDPOINT, OCDAV_TRACING_ENDPOINT | string | | The endpoint of the tracing agent. |
| OCIS_TRACING_COLLECTOR, OCDAV_TRACING_COLLECTOR | string | | The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
| OCIS_LOG_LEVEL, OCDAV_LOG_LEVEL | string | | The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
| OCIS_LOG_PRETTY, OCDAV_LOG_PRETTY | bool | false | Activates pretty log output. |
| OCIS_LOG_COLOR, OCDAV_LOG_COLOR | bool | false | Activates colorized log output. |
| OCIS_LOG_FILE, OCDAV_LOG_FILE | string | | The path to the log file. Activates logging to this file if set. |
| OCDAV_DEBUG_ADDR | string | 127.0.0.1:9163 | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
| OCDAV_DEBUG_TOKEN | string | | Token to secure the metrics endpoint. |
| OCDAV_DEBUG_PPROF | bool | false | Enables pprof, which can be used for profiling. |
| OCDAV_DEBUG_ZPAGES | bool | false | Enables zpages, which can be used for collecting and viewing in-memory traces. |
| OCDAV_HTTP_ADDR | string | 127.0.0.1:0 | The bind address of the HTTP service. |
| OCDAV_HTTP_PROTOCOL | string | tcp | The transport protocol of the HTTP service. |
| OCDAV_HTTP_PREFIX | string | | A URL path prefix for the handler. |
| OCIS_JWT_SECRET, OCDAV_JWT_SECRET | string | | The secret to mint and validate JWT tokens. |
| REVA_GATEWAY | string | 127.0.0.1:9142 | The CS3 gateway endpoint. |
| OCIS_GRPC_CLIENT_TLS_MODE | string | | TLS mode for the gRPC connection to the go-micro based gRPC services. Possible values are 'off', 'insecure' and 'on'. 'off' disables transport security for the clients. 'insecure' allows transport security to be used, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |
| OCIS_GRPC_CLIENT_TLS_CACERT | string | | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based gRPC services. |
| OCDAV_SKIP_USER_GROUPS_IN_TOKEN | bool | false | Disables the loading of a user’s group memberships from the reva access token. |
| OCDAV_WEBDAV_NAMESPACE | string | /users/{{.Id.OpaqueId}} | Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties. |
| OCDAV_FILES_NAMESPACE | string | /users/{{.Id.OpaqueId}} | Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties. |
| OCDAV_SHARES_NAMESPACE | string | /Shares | The human readable path for the share jail. Relative to a user’s personal space root. Upcased intentionally. |
| OCIS_URL, OCDAV_PUBLIC_URL | string | https://localhost:9200 | URL where oCIS is reachable for users. |
| OCIS_INSECURE, OCDAV_INSECURE | bool | false | Allow insecure connections to the GATEWAY service. |
| OCDAV_GATEWAY_REQUEST_TIMEOUT | int64 | 84300 | Request timeout in seconds for requests from the oCDAV service to the GATEWAY service. |
| OCIS_MACHINE_AUTH_API_KEY, OCDAV_MACHINE_AUTH_API_KEY | string | | Machine auth API key used to validate internal requests necessary for the access to resources from other services. |

YAML Example

# Autogenerated
# Filename: ocdav-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9163
  token: ""
  pprof: false
  zpages: false
http:
  addr: 127.0.0.1:0
  protocol: tcp
  prefix: ""
token_manager:
  jwt_secret: ""
reva:
  address: 127.0.0.1:9142
  tls:
    mode: ""
    cacert: ""
skip_user_groups_in_token: false
webdav_namespace: /users/{{.Id.OpaqueId}}
files_namespace: /users/{{.Id.OpaqueId}}
shares_namespace: /Shares
public_url: https://localhost:9200
insecure: false
gateway_request_timeout: 84300
machine_auth_api_key: ""
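
A deployment check for the transport and debug settings documented above, as an added example that is not part of the oCIS code base: `Audit` takes the environment as a map and reports the settings this page describes as weakening security. The function names, the finding texts and the sample environment are constructed; where a setting has two variable names, the check flags it if either one is true, and boolean values are assumed to parse like Go's strconv.ParseBool.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// loopbackOnly reports whether a host:port bind address is loopback-only.
func loopbackOnly(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	ip := net.ParseIP(host)
	return err == nil && (host == "localhost" || (ip != nil && ip.IsLoopback()))
}

// Audit returns one finding per weak setting; env maps variable name to value.
func Audit(env map[string]string) []string {
	on := func(name string) bool { v, _ := strconv.ParseBool(env[name]); return v }
	var out []string
	switch env["OCIS_GRPC_CLIENT_TLS_MODE"] {
	case "off":
		out = append(out, "OCIS_GRPC_CLIENT_TLS_MODE=off: gRPC clients use no transport security")
	case "insecure":
		out = append(out, "OCIS_GRPC_CLIENT_TLS_MODE=insecure: server certificates are not verified")
	}
	if on("OCIS_INSECURE") || on("OCDAV_INSECURE") {
		out = append(out, "OCIS_INSECURE/OCDAV_INSECURE: insecure connections to the gateway allowed")
	}
	debug := env["OCDAV_DEBUG_ADDR"]
	if debug == "" {
		debug = "127.0.0.1:9163" // default documented on this page
	}
	if !loopbackOnly(debug) {
		if env["OCDAV_DEBUG_TOKEN"] == "" {
			out = append(out, "OCDAV_DEBUG_ADDR="+debug+": debug server exposed without OCDAV_DEBUG_TOKEN")
		}
		if on("OCDAV_DEBUG_PPROF") || on("OCDAV_DEBUG_ZPAGES") {
			out = append(out, "OCDAV_DEBUG_ADDR="+debug+": pprof or zpages enabled on a non-loopback address")
		}
	}
	return out
}

func main() {
	// Constructed sample environment, not taken from a real deployment.
	env := map[string]string{"OCIS_GRPC_CLIENT_TLS_MODE": "insecure", "OCDAV_DEBUG_ADDR": "0.0.0.0:9163"}
	for _, finding := range Audit(env) {
		fmt.Println(finding)
	}
}
```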