Requirements

V. Bettag edited this page Jun 28, 2015 · 23 revisions

Page to brainstorm requirements for the image

Design Principles:

  • Simple Rollout: available from the Docker Hub and Community Package Hub for Synology (SPK signed packages by cphub.net)
  • Segregate App & Data: mount database home, attachments area and key log files by "-v" option into Docker container
  • Modular Staggered Approach: SPK prepares mounts for guest container, downloads Dockerfile, adds config collected by GUI into the container and starts it
  • Configuration first: avoid hard-coding, put all sources to load like Dockerfile or Zarafa downloads to CFG & ENV area (goal: for new release only need to change configuration in SPK and new Dockerfile)
  • Recoverability: provide database backup, restore and replication options for our precious mail data

@fbartels: For rollout via Docker Hub I get the feeling that this should not be the goal after all. I looked at the other Docker apps available on the Synology App Center and they also seem to provide an SPK that fetches and starts the container, as well as dealing with persistent data. @vbettag: captured in design principles: we use Dockerfile

Features and Modules:

  • should have automatic Synology Mailserver Postfix integration (aka integrate TosoBoso Z-Pull-V-Mail)
  • should have more fetchmail options: interval, flush or not, pass to spam-assassin, not run as root
  • should either include zarafa admin plugin or features from old Zarafa SPK admin (e.g. fetchmail admin)
  • should include Z-Push; at least Z-Push made available from an SSL enabled vhost from Synology (Port 443 for outside access, reverse proxy)
  • should use "Zarafa for home" packages for Outlook access of 3 users (aka the licensed server & outlook mapi client)
  • should have option to use LDAP for user management; we focus on using ldap server of synology
  • should have spam-assassin training as a webapp plugin, and a DSM UI to pass to the mail-server spam-assassin
  • should have iplocker / fail2ban functionality to block hack attacks (part will be on Synology level to gain access to iptables)

Database Specifics:

  • should have an advanced option to run on native MySQL / MariaDB as zarafa with own user and password; default: MySQL in Docker

@fbartels: I am against the idea of using Synology MySQL. Zarafa benefits a lot from tuning the database, whereas (especially for beginners) tuning the built-in database can be hard (recreating innodb_log_file's for example). @vbettag: OK: by default we ship a database server as well.

  • should mount database home from "/volume1/@database/mysql-docker/zarafa" with softlink "/var/services/mysql-docker-zarafa" to maintain data at a common place
  • should mount mysql socket dir read-only either from docker host or container into zarafa container to allow connection setting via localhost to mysqld.sock

[docker run -v /run/mysqld:/run/mysqld:ro] see http://marc.merlins.org/linux/talks/DockerLocalDisk-LC2015-JP/DockerLocalDisk.pdf

  • should have default mysql backup script to run daily / weekly on Synology / SPK bin level (reuse, merge TosoBoso & fbartels scripts)

Specifics for Synology SPK Package:

  • should have log file rotation scripts to keep chatty logs like fetchmail or dagent from overrunning
  • would users need to give login credentials to start downloading packages? (@fbartels: solved at boot time)

more to come..

Specifics for Docker Package:

more to come..

Misc & Other Considerations:

should not be an issue as we use Z-Push in Docker container (to be verified, might have deja vu)

  • Use a "companion app" to setup LDAP and create the vhost for the reverse proxy? Make the companion app conflict with the default mail station?
  • Or have the SPK install scripts create the reverse proxy, with directory settings in .htaccess for "zarafa" & "z-push"
  • How to handle mail workflow?