Docker-managed volumes[^1] are more cross-platform compatible than
hard-coded paths, and will work even if the Docker user cannot write
to the arbitrary path of `/opt/docker/zulip` on the Docker host.
[^1]: https://docs.docker.com/storage/volumes/
Co-authored-by: Alex Vandiver <alexmv@zulip.com>
With previous `%D` format preventable errors like
```
tar (child): /data/backups/backup-09/05/22-03-22-03.tar.gz: Cannot open: No such file or directory
```
will occur. Let's use a more sane[^1] date format where possible.
The -I flag to date(1) was added in roughly 1999[^2] and is portable across
GNU coreutils and BusyBox. Piping to tr(1) to remove colons in filenames
is largely a Windows-compatibility concern, as Win32 does not allow for
that character in filenames[^3], and it's possible that the backups target
directory could be a volume mount to a Windows host (for example on
Docker Desktop For Windows).
[^1]: https://xkcd.com/1179/
[^2]: https://unix.stackexchange.com/a/164834
[^3]: https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions
Co-Authored-By: Josh Klar <josh@zulip.com>
`restart:` was previously inconsistently provided to service definitions
(only memcached and rabbitmq) and at that, the restart policy was
`always`. `always` can lead to surprising behavior where restarts of the
docker daemon will resurrect explicitly-stopped containers, whereas
`unless-stopped` will leave explicitly-stopped containers stopped.
Set all services in the docker-compose file to `restart:
unless-stopped`.
Further reading: https://linuxhandbook.com/docker-restart-policy/
A helm chart is added for the installation of Zulip into Kubernetes
clusters. The chart is based on a version of PR #287, but contains
significant changes.
The chart depends on Bitnami helm charts for the installation of
Memcached, Postgresql, Rabbitmq and Redis.
The chart includes the possibility to add `postSetup` scripts which
are mounted to `/data/post-setup.d` and executed by the docker-zulip
Docker container.
More information can be found in the chart's README in
kubernetes/chart/zulip/README.md
This is required for connecting to a LDAPS server without validating certificators:
```
SETTING_AUTH_LDAP_GLOBAL_OPTIONS: "{ ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }"
```
Using `SETTING_AUTH_LDAP_CONNECTION_OPTIONS` doesn't work.
The configuration files need to be placed in
`/opt/docker/zulip/zulip/settings/etc-zulip` so that Zulip will pick
them up properly. This commit clarifies that in the README.md file.
Currently LDAP group settings are being treat as string, they should be treated as array
so we could configure it correctly while executing on `docker` or `kubernetes`.
