Merge pull request #35 from surevine/second-domain

Merge 'second domain' branch to master

README.md

@@ -20,6 +20,7 @@ See the "How it's built" section below if you want to understand how this was do
 3. Launch the environment
     1. use `./start.sh` if you want two **federated** Openfire instances, or
     2. use `./start.sh -c` if you want three **clustered** Openfire instances.
+    3. use `./start.sh -co` if you want a combination: a cluster, with an additional federated Instance.
 
 ## Federated configuration
 
@@ -131,6 +132,51 @@ The following MUC rooms are configured:
 * `muc1`
 * `muc2`
 
+
+### Add a federated domain to the cluster
+
+Running `./start.sh -co` (instead of `./start.sh -c`) will, apart from the cluster described above, also instantiate a second XMPP domain that consists of one Openfire server. This will result in the following components to be added to the system as described above:
+
+```
+                   +------------------------+
+                   |       172.60.0.110     |
+                   |      +------------+    |
+(XMPP-C2S)   5229 -|      |            |    |
+(XMPP-S2S)   5269 -|------| OTHER XMPP |    |
+(HTTP-Admin) 9099 -|      |            |    |
+(BOSH)  7079/7449 -|      +------+-----+    |
+                   |             |          |
+                   |             |          |
+                   |       +-----+----+     |
+                   |       |          |     |
+(Database)   5433 -|-------| OTHER DB |     |
+                   |       |          |     |
+                   |       +----------+     |
+                   |       172.60.0.111     |
+                   |                        |
+                   +------172.60.0.0/24-----+
+```
+
+The additional Openfire is configured with the following XMPP domain:
+
+* `otherxmpp.localhost.example`
+
+Openfire is configured with the following hostname:
+
+* `otherxmpp.localhost.example`
+
+The following users are configured:
+
+* `user1` `password`
+* `user2` `password`
+
+The following MUC rooms are configured:
+
+* `muc1`
+* `muc2`
+
+Note that users and MUC rooms on the additional Openfire domain have a similar name to those on the cluster. This does not lead to collisions, as the domain-part of their JIDs will differ.
+
 ## Network
 
 The Docker compose file defines a custom bridge network with a single subnet (`172.50.0.0/24` for the federated

docker-compose-otherdomain.yml

@@ -0,0 +1,60 @@
+version: '3.7'
+
+services:
+
+  otherdb:
+    image: library/postgres:9.6.17-alpine
+    ports:
+      - "5433:5432"
+    environment:
+      - "POSTGRES_DB=openfire"
+      - "POSTGRES_USER=openfire"
+      - "POSTGRES_PASSWORD=hunter2"
+    volumes:
+      - ./sql/otherdomain:/docker-entrypoint-initdb.d
+    networks:
+      openfire-clustered-net:
+        ipv4_address: 172.60.0.111
+  
+  otherxmpp:
+    image: "openfire:${OPENFIRE_TAG}"
+    ports:
+      - "5229:5222"
+      - "5269:5269"
+      - "7079:7070"
+      - "7449:7443"
+      - "9099:9090"
+    depends_on:
+      - "otherdb"
+    volumes:
+      - ./_data/xmpp/otherdomain/conf:/var/lib/openfire/conf
+      #- ./_data/plugins:/opt/plugins
+      - ./wait-for-it.sh:/wait-for-it.sh
+    command: ["/wait-for-it.sh", "-s", "otherdb:5432", "--", "/sbin/entrypoint.sh"]
+    networks:
+      openfire-clustered-net:
+        ipv4_address: 172.60.0.110
+    extra_hosts:
+      - "xmpp.localhost.example:172.60.0.10"
+      - "xmpp.localhost.example:172.60.0.20"
+      - "xmpp.localhost.example:172.60.0.30"
+      - "conference.xmpp.localhost.example:172.60.0.10"
+      - "conference.xmpp.localhost.example:172.60.0.20"
+      - "conference.xmpp3.localhost.example:172.60.0.30"
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+  
+  xmpp1:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+
+  xmpp2:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"
+  
+  xmpp3:
+    extra_hosts: 
+      - "otherxmpp.localhost.example:172.60.0.110"
+      - "conference.otherxmpp.localhost.example:172.60.0.110"

start.sh

@@ -1,17 +1,56 @@
-#!/bin/sh
+#!/bin/bash
 
-COMPOSE_FILE=docker-compose-federated.yml
+usage() { echo "Usage: $0 [-c] [-o] [-n openfire-tag] [-h]
 
-if [ "$1" = "-c" ]; then
-  echo "Starting a clustered environment."
-  COMPOSE_FILE=docker-compose-clustered.yml
-  shift
-else
-  echo "Starting a federated environment (use -c to start a clustered environment instead)."
+  -c               Launches a Cluster instead of a FMUC stack
+  -o               Launches another separate domain alongside the cluster
+  -n openfire-tag  Launches all Openfire instances with the specified tag. This overrides the value in .env
+  -h               Show this helpful information
+"; exit 0; }
+
+CLUSTER_MODE=false
+OTHER_DOMAIN=false
+COMPOSE_FILE_COMMAND=("docker-compose")
+
+while getopts con:h o; do
+  case "$o" in
+    c)
+        CLUSTER_MODE=true
+        ;;
+    o)
+        OTHER_DOMAIN=true
+        ;;
+    n)
+        echo "Using Openfire tag: $1"
+        export OPENFIRE_TAG=$1
+        ;;
+    h)  
+        usage
+        ;;
+    *)
+        usage
+        ;;
+  esac
+done
+
+if [ $OTHER_DOMAIN == "true" ]; then 
+  if [ $CLUSTER_MODE == "false" ]; then
+    echo "Other domains are only supported alongside clusters"
+    exit 1
+  else
+    COMPOSE_FILE_COMMAND+=("-f" "docker-compose-otherdomain.yml")
+  fi
 fi
 
-docker-compose -f $COMPOSE_FILE down
-docker-compose -f $COMPOSE_FILE pull
+case $CLUSTER_MODE in
+  (true)   echo "Starting a clustered environment."
+           COMPOSE_FILE_COMMAND+=("-f" "docker-compose-clustered.yml");;
+  (false)  echo "Starting a federated environment (use -c to start a clustered environment instead)."
+           COMPOSE_FILE_COMMAND+=("-f" "docker-compose-federated.yml");;
+esac
+
+"${COMPOSE_FILE_COMMAND[@]}" down
+"${COMPOSE_FILE_COMMAND[@]}" pull
 
 # Clean up temporary persistence data
 rm -rf _data
@@ -19,8 +58,4 @@ mkdir _data
 cp -r xmpp _data/
 cp -r plugins _data/
 
-if [ -n "$1" ]; then
-  echo "Using Openfire tag: $1"
-  export OPENFIRE_TAG=$1
-fi
-docker-compose -f $COMPOSE_FILE up
+"${COMPOSE_FILE_COMMAND[@]}" up

xmpp/otherdomain/conf/openfire.xml

@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    This file stores bootstrap properties needed by Openfire.
+    Property names must be in the format: "prop.name.is.blah=value"
+    That will be stored as:
+        <prop>
+            <name>
+                <is>
+                    <blah>value</blah>
+                </is>
+            </name>
+        </prop>
+
+    Most properties are stored in the Openfire database. A
+    property viewer and editor is included in the admin console.
+-->
+<!-- root element, all properties must be under this element -->
+<jive>
+  <adminConsole>
+    <!-- Disable either port by setting the value to -1 -->  
+    <port>9090</port>
+    <securePort>9091</securePort>
+  </adminConsole>
+  <locale>en</locale>
+  <!-- Network settings. By default, Openfire will bind to all network interfaces.
+      Alternatively, you can specify a specific network interfaces that the server
+      will listen on. For example, 127.0.0.1. This setting is generally only useful
+       on multi-homed servers. -->  
+  <!--
+    <network>
+        <interface></interface>
+    </network>
+    -->  
+  <!--
+        One time token to gain temporary access to the admin console.
+    -->  
+  <!--
+    <oneTimeAccessToken>secretToken</oneTimeAccessToken>
+    -->  
+  <connectionProvider>
+    <className>org.jivesoftware.database.DefaultConnectionProvider</className>
+  </connectionProvider>
+  <database>
+    <defaultProvider>
+      <driver>org.postgresql.Driver</driver>
+      <serverURL>jdbc:postgresql://otherdb:5432/openfire</serverURL>
+      <username encrypted="true">10d847caed2654fbb1fe6cefac0f381893323ae6b5eea27d31503d5880091fca</username>
+      <password encrypted="true">30c1893796e0110fc4607c8b1bca0d0e54f10b270c4615d3</password>
+      <testSQL>select 1</testSQL>
+      <testBeforeUse>false</testBeforeUse>
+      <testAfterUse>false</testAfterUse>
+      <testTimeout>500</testTimeout>
+      <timeBetweenEvictionRuns>30000</timeBetweenEvictionRuns>
+      <minIdleTime>900000</minIdleTime>
+      <maxWaitTime>500</maxWaitTime>
+      <minConnections>5</minConnections>
+      <maxConnections>25</maxConnections>
+      <connectionTimeout>1.0</connectionTimeout>
+    </defaultProvider>
+  </database>
+  <setup>true</setup> 
+  <fqdn>otherxmpp.localhost.example</fqdn>
+</jive>

xmpp/otherdomain/conf/security.xml

@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  This file stores security-related properties needed by Openfire.
+  You may edit this file to manage encrypted properties and 
+  encryption configuration value. Note however that you should not
+  edit this file while Openfire is running, or it may be overwritten.
+  
+  It is important to note that Openfire will store encrypted property
+  values securely "at rest" (e.g. in the database or XML), but the 
+  values will be managed as clear text strings in memory at runtime for
+  interoperability and performance reasons. Encrypted property values
+  are not visible via the Openfire console, but they may be edited or 
+  deleted as needed.
+-->
+<security> 
+  <encrypt> 
+    <!-- This can be set to "AES" or "Blowfish" (default) at setup time -->  
+    <algorithm>Blowfish</algorithm>  
+    <key> 
+      <!-- 
+        If this is a new server setup, you may set a custom encryption key
+        by setting a value for the <new /> encryption key element only.
+      
+        To change the encryption key, provide values for both new and old
+        encryption keys here. The "old" key must match the unencrypted value 
+        of the "current" key. The server will update the existing property
+        values in the database, re-encrypting them using the new key. After
+        the encrypted properties have been updated, the new key will itself
+        be encrypted and re-written into this file as <current />. 
+        
+        Note that if the current encryption key becomes invalid, any property
+        values secured by the original key will be inaccessible as well.
+        
+        The key value can be any string, and it will be hashed, filled, and/or
+        truncated to produce a compatible key for the corresponding algorithm.
+        Note that leading and trailing spaces will be ignored. A strong key 
+        will contain sixteen characters or more.
+
+        <old></old>
+        <new></new>
+       -->  
+      <current></current> 
+    </key>  
+    <property> 
+      <!-- 
+        This list includes the names of properties that have been marked for
+        encryption. Any XML properties (from openfire.xml) that are listed here 
+        will be encrypted automatically upon first use. Other properties 
+        (already in the database) can be added to this list at runtime via the 
+        "System Properties" page in the Openfire console.
+      -->  
+      <name>database.defaultProvider.username</name>  
+      <name>database.defaultProvider.password</name> 
+    </property> 
+  </encrypt>  
+  <!-- 
+  Any other property defined in this file will be treated as an encrypted
+  property. The value (in clear text) will be encrypted and migrated into 
+  the Openfire database during the next startup. The property name will 
+  be added to the list of encrypted properties and the clear text value 
+  will be removed from this file.
+  
+  <foo><bar>Secr3t$tr1ng!</bar></foo>
+--> 
+</security>

xmpp/otherdomain/conf/security/archive/readme.txt

@@ -0,0 +1 @@
+This directory is used as a default location in which Openfire stores backups of keystore files.