feat(nextcloud): add notify_push support

[wrenix]

Pull Request

Description of the change

Not yet tested

Benefits

• support notify_push
• improve ServiceMonitor (to collect data from nextcloud-exporter and notify_push)

Possible drawbacks

Applicable issues

• fixes [Feature] High Performance File Backend #109
• closes Feature: client push #551

Additional information

Checklist

• DCO has been signed off on the commit.
• Chart version bumped in Chart.yaml according to semver.
• (optional) Variables are documented in the README.md

TODO

• redis password from existing secret (or URL)
• put redis password from env to secrets
• solve bootstrap problem (nextcloud and notify_push needs to be online)

[AndreKoepke]

Can we ensure that the notify_push-plugin is installed? Maybe something like this?

 lifecycle:
      postStart:
        exec:
          command: ["occ",  "app:install notify_push"]

And we have to active that plugin by running sudo -u www-data ./occ notify_push:setup https://NEXTCLOUD_HOST/push. Maybe we should add a little script like this (pseudocode):

if (!notify_push installed)
  install notify_push
/occ notify_push:setup https://NEXTCLOUD_HOST/push

[provokateurin]

I think it makes sense to give this option so the installation and setup is completely automatic, but I'd rather put it behind a second config flag:

notify_push:
	enabled: true
	automatic_setup: true

Maybe some people don't want to have this done automatically, so it's nice to give them the option.

[wrenix]

Therefore we has that hook of the container script (see #525), i write a ConfigMap for it.

PS: the same way, then in #480 (@provokateurin you wanted to take a look there ...)

PSS: Does somebody test this/my code?

[AndreKoepke]

andre@server:~/k8s/nextcloud$ helm upgrade -n nextcloud akops-nextcloud -f values.yml ./helm/charts/nextcloud/
Error: UPGRADE FAILED: template: nextcloud/templates/notify_push/deployment.yaml:41:31: executing "nextcloud/templates/notify_push/deployment.yaml" at <$.Values.global.image.registry>: nil pointer evaluating interface {}.image

[AndreKoepke]

When I remove the global-references, then I got this error:

andre@server:~/k8s/nextcloud$ helm upgrade -n nextcloud akops-nextcloud -f values.yml ./helm/charts/nextcloud/
Error: UPGRADE FAILED: YAML parse error on nextcloud/templates/notify_push/deployment.yaml: error converting YAML to JSON: yaml: line 41: did not find expected key

[wrenix]

Oh sorry, that was a copy-paste error.
normally i has on my helm-charts a global.image part to overwrite for registry and so on.

[AndreKoepke]

I was able to try an install. The result was this:

Configuring Redis as session handler
=> Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/before-starting
==> Running the script (cwd: /var/www/html): "/docker-entrypoint-hooks.d/before-starting/notify_push.sh"
notify_push already installed
✓ redis is configured
🗴 push server is not receiving redis messages (received 272721789, got 0)
==> Failed at executing "/docker-entrypoint-hooks.d/before-starting/notify_push.sh". Exit code: 1

---

Edit

I have a password for redis and it was not set. Can add this like this?

            - name: REDIS_URL
              value: "redis://:<PASSWORD>@{{ template "nextcloud.redis.fullname" . }}-master:{{ .Values.redis.master.service.ports.redis }}"

When I did this locally, then we have the chicken-egg-problem ...
The notify_push application needs a running nextcloud-instance to fully start. And the nextcloud-instance need a running notify_push.

Maybe there is a better hook after nextcloud has started?

[wrenix]

okay, redis password should work:

• but not on existing secrets TODO
  We has to reorganize the secrets.

PS: found that the redis password is not stored by default in a secret ....

---

oh yes, that is a bootstrap problem. maybe we could remove it on one part.

[AndreKoepke]

Suggested change

	containerPort: 7867
	containerPort: 80

[wrenix]

Hmm, that is strange - I do like to run pods with less priority and permission (port over 1000) and reNAT it with the service to an port like 80 ...

That is the reason why I set the ENV and this port to 7867.
So I like to debug, why the ENV does not work correct.

[wrenix]

Hmm also notify_push mean, this is the default port:
https://github.com/nextcloud/notify_push?tab=readme-ov-file#configuration

So, how should it work this way 🤔

[AndreKoepke]

I got a connection timeout when I started it and only saw the port 80 in the service. I was a bit in hurry.

Your right, this should be the correct port-setting.

[AndreKoepke]

With the fixed port, I still unable to run it.

Logs from notify_push pod:

[2024-06-19 06:44:36.746890 +00:00] ERROR [notify_push] src/main.rs:78: Self test failed: Error while communicating with nextcloud instance: error sending request for url (http://akops-nextcloud.nextcloud.svc.cluster.local:8080/index.php/apps/notify_push/test/version): error trying to connect: tcp connect error: Connection refused (os error 111)

[jessebot]

@wrenix I'm updated your push file to be .tpl instead of .gotmpl to match the rest of the tpl files. I may also pop in here and write a quick test so this gets tested in CI?

[jessebot]

Feel free to remove or tweak this @wrenix 🙏

[wrenix]

Thanks for the rename of the templates (and the merge of #480 )

and yes i will replace that part into a ci/ct-*-values.yaml ala #526

[wrenix]

oh i see that i have missed to #598 ala #526 ...