Deploy an instance of hedgedoc
Closed, MigratedEdits Locked
Actions

Assigned To

Authored By

	douardda
	Nov 30 2020, 9:54 AM

Description

We currently are using the hackmd.io services quite a lot, it would be nice to have our own instance of such a service.
Using Hedgedoc [1] [2] seems a reasonable choice, as it allows to use an API (which the original hackmd application does not offer), especially for usages like automating the preparation of the weekly planning pad.

[1] https://github.com/hedgedoc/hedgedoc
[2] https://docs.hedgedoc.org/

I think it should be:

available from the internet
only accept pad creation from authenticated users
ideally, integrated with some auth provider or SSO (keycloak based probably [3])

[3] https://docs.hedgedoc.org/guides/auth/saml-keycloak/

Revisions and Commits

rSPRE sysadm-provisioning
	D4770	rSPREafe333b60658 production: Provision bardo instance for hedgedoc service
	D4783	rSPREe04e40aea57f Define the facts deployment/subnet per deployment types
rSPSITE puppet-swh-site
	D4768	rSPSITE73219ffec559 Reference domain for the hedgedoc instance
	D4768	rSPSITE2296f7ee87cb hedgedoc: Automate installation
	D4768	rSPSITE37a6bc671d49 hedgedoc: Install a more recent yarn version
	D4768	rSPSITEe12017013c8b production: Add new bardo instance for the hedgedoc instance

Related Objects
Search...

Status	Assigned	Task
Migrated	gitlab-migration	T2827 Deploy an instance of hedgedoc
Migrated	gitlab-migration	T2935 Create reverse proxy for admin sites
Migrated	gitlab-migration	T2941 hedgedoc: Detect and allow upgrade

Event Timeline

douardda triaged this task as Wishlist priority.Nov 30 2020, 9:54 AM

douardda created this task.

douardda updated the task description. (Show Details)Nov 30 2020, 10:07 AM

The installation doesn't look too complicated [1], we need to install a new firewall dedicated to admin/internal tools.
The unknown part is on the sso part, but as a quick win, we can try to plug it on the current softwareheritage keycloak's scheme with a dedicated group

I guess it can take about 1 day of work.

[1] https://github.com/hedgedoc/hedgedoc/blob/master/docs/setup/manual-setup.md

Just to be sure (I'm confused even after reading the history document), HedgeDoc is the *community* fork of the HackMD code base (which was named CodiMD), and has no relationship with the original upstream company running hackmd.io. Correct?

In T2827#53716, @vsellier wrote:

The installation doesn't look too complicated [1], we need to install a new firewall dedicated to admin/internal tools.

I guess you meant reverse proxy.

The unknown part is on the sso part, but as a quick win, we can try to plug it on the current softwareheritage keycloak's scheme with a dedicated group

We should definitely connect more tools to keycloak instead of each having their internal authentication. We really need to solve centralized staff user management at some point too.

I guess it can take about 1 day of work.

[1] https://github.com/hedgedoc/hedgedoc/blob/master/docs/setup/manual-setup.md

Yeah, that sounds accurate.

The ongoing maintenance cost doesn't seem too high (the releases are quite sparse), and I don't think we'll get real-time collaborative editing features even with the migration to GitLab, so I guess it makes sense to install an instance of this in-house. I'm just a bit worried about the duplication/overlap with the wikis, but hedgedoc doesn't seem to be able to do short-form internal hyperlinks, so that's probably a non-issue (it would be nice, however, to /reduce/ the number of things we maintain in house once in a while ;p)

In T2827#54141, @olasd wrote:

Just to be sure (I'm confused even after reading the history document), HedgeDoc is the *community* fork of the HackMD code base (which was named CodiMD), and has no relationship with the original upstream company running hackmd.io. Correct?

I believe it's correct.

The ongoing maintenance cost doesn't seem too high (the releases are quite sparse), and I don't think we'll get real-time collaborative editing features even with the migration to GitLab, so I guess it makes sense to install an instance of this in-house. I'm just a bit worried about the duplication/overlap with the wikis, but hedgedoc doesn't seem to be able to do short-form internal hyperlinks, so that's probably a non-issue (it would be nice, however, to /reduce/ the number of things we maintain in house once in a while ;p)

I'd rather kill the wikis in favor of a better (git-based static generator like) doc system (like how we use sphinx currently), but yeah, probably not everybody will agree with that :-)

ardumont raised the priority of this task from Wishlist to Normal.Dec 18 2020, 10:41 AM

Inventory updated [1]

[1] https://inventory.internal.softwareheritage.org/virtualization/virtual-machines/91/

ardumont mentioned this in rSPPRIVC93c6c9bdaa25: Add hedgedoc db password instance.Dec 18 2020, 12:35 PM

ardumont added a revision: D4768: production: Add new hedgedoc instance.Dec 18 2020, 1:33 PM

ardumont mentioned this in rSENV8f6f8ee5aa62: Vagrantfile: Add hedgedoc instance.Dec 18 2020, 1:34 PM

correctness first, basic run within vagrant node works (some part is puppetized, the db configuration for one).

ardumont mentioned this in rSENV55386982d27a: vagrant: Generate certificate for bardo.softwareheritage.org.Dec 18 2020, 8:03 PM

ardumont added a revision: D4770: production: Provision bardo instance to receive hedgedoc.Dec 18 2020, 9:27 PM

ardumont added a commit: rSPSITEe12017013c8b: production: Add new bardo instance for the hedgedoc instance.Dec 22 2020, 12:34 PM

ardumont added a commit: rSPSITE37a6bc671d49: hedgedoc: Install a more recent yarn version.

ardumont added a commit: rSPSITE2296f7ee87cb: hedgedoc: Automate installation.

ardumont added a commit: rSPSITE73219ffec559: Reference domain for the hedgedoc instance.

vsellier mentioned this in rSPSITEd8ff8797eac0: Allow admin network to query internal dns.Dec 22 2020, 5:18 PM

ardumont mentioned this in rSENVa498d4b0b5cc: Rename bardo fqdn appropriately.Dec 22 2020, 6:08 PM

ardumont mentioned this in rSPSITEfba1ecdcf5bd: Rename bardo fqdn appropriately.

ardumont mentioned this in D4782: Add subnet for sesi_rocquencourt_admin.Dec 22 2020, 7:05 PM

ardumont added a revision: D4783: Define the facts deployment/subnet per deployment types.Dec 22 2020, 7:08 PM

ardumont mentioned this in rSPSITE08e23e9c00c4: Add subnet for sesi_rocquencourt_admin.Dec 22 2020, 7:09 PM

ardumont added a commit: rSPREe04e40aea57f: Define the facts deployment/subnet per deployment types.Dec 22 2020, 7:47 PM

ardumont added a commit: rSPREafe333b60658: production: Provision bardo instance for hedgedoc service.

ardumont mentioned this in rSPSITE20d7795d8ba9: common: Add bind::zones for internal.admin.swh.network.Dec 22 2020, 7:53 PM

A node has been deployed [1]

As it was the first puppetized node in the vlan 442 (admin vlan), some debugging was necessary with @vsellier to make it work (firewall, dns, puppet facts, terraform, etc...)

It's not complete though.

Remains to deal with ssl, open to the public, etc...

It should be ok for the team to play with it though.

[1] http://bardo.internal.admin.swh.network:3000/

ardumont changed the task status from Open to Work in Progress.Jan 5 2021, 11:52 AM

ardumont moved this task from Backlog to in-progress on the System administration board.

ardumont claimed this task.Jan 5 2021, 11:55 AM

I see in the inventory that this VM has 8GB of RAM and 64GB of storage, isn't it a bit overkill?

Also, how is the authentication made?

I see in the inventory that this VM has 8GB of RAM and 64GB of storage, isn't it a bit overkill?

Yes, possibly. That can be "downsized".

Also, how is the authentication made?

That remains part not done yet.
In the main hedgedoc configuration file, config entries related to gitlab, twitter, github, google, ldap, mattermost, dropbox, etc... exist.
So I gather, that's possible with those, like hackmd.

It might also be possible to subscribe oneself to it via email. There is a register form when you click on the sign in link.

Those are still not configured though, i did not have a chance to look into those yet.
Right now, only anonymous edit has been tested.

ardumont mentioned this in rSENV0bc71dbace02: Vagrantfile: Add puppet-admin-facts (for admin node, e.g. bardo).Jan 6 2021, 12:25 PM

ardumont updated the task description. (Show Details)Jan 6 2021, 5:26 PM

ardumont updated the task description. (Show Details)Jan 6 2021, 5:56 PM

ardumont changed the status of subtask T2935: Create reverse proxy for admin sites from Open to Work in Progress.Jan 7 2021, 2:24 PM

ardumont mentioned this in rSPRE5075ab08b318: admin: Use deployment "admin" fact for admin nodes.Jan 7 2021, 2:42 PM

ardumont mentioned this in rSENV9a2b9f856c52: Vagrantfile: Update to use admin facts for admin nodes.Jan 7 2021, 2:45 PM

ardumont mentioned this in rSENV00748a85ba8b: Vagrantfile: Rename prod-bardo to admin-bardo.

ardumont mentioned this in rSPSITE8e228d932261: hedgedoc: Update declaratively version to 1.7.1.

ardumont mentioned this in rSPSITEf2a078ba7181: hedgedoc: Drop unused default configuration.

ardumont mentioned this in rSPSITEd39b5c2d89c5: hedgedoc: Open email configuration options.