State of the Federation

ncuserm · May 20, 2024, 4:19am

I have a NC instance that I want to split into two. I set it up to help with a non-profit that I volunteer for, but ended up using it mostly for other things. Now I want to create a new instance and port the data from the nonprofit. I could do it by copying it externally, but I thought federation might be a better way. I’m running NC29.0.0 on most of my instances, but NC28.0.4 on one of them I was also trying with. The split instances and the test instance are VMs running on the same computer. The web browser and curl can access each instance from any other (i.e. I can log into any instance from any VM), so general connectivity shouldn’t be an issue.

I had already gotten the servers “trusted”, but I learned here that if they don’t turn green then to remove and re-add them. Then after cron runs, sync the address books. I’ve had trusted servers for a while between my test server and my production server, but I’ve never tried to actually make a share. I have a total of four trusted servers in my federation (three entries at each).

I am allowing local servers, as some are (and one isn’t):

  'allow_local_remote_servers' => true,

When I started, I learned that I needed to add a port 80 redirect to port 443. At least to help make the federated addresses work in the general case. It seemed that it wasn’t necessary when using the names from the shared address book entries.

Here’s what I based my addition on for port 80:

<VirtualHost *:80>
   ServerName mysite.example.com
   Redirect permanent / https://mysite.example.com/
</VirtualHost>

However, I later learned that you can use “https://” as part of the federation id, and so the “federated cloud id” that the settings pages tells you is not as explicit as it could be, because if you use that format without the scheme, then it will try port 80 (thus the need for the redirect).

I was eventually able to get the notifications I thought I needed fairly consistently. However, the files never show up in the file system. I’m not sure if there should be an activity indication of the share getting actually completed.

One of the things that was happening was an exception in the files_sharing area. I found a thread here about that, but made my own patch in Cache.php:

                /* [, $remote] = explode('://', $cloudId->getRemote(), 2); */
                $tmpv = explode('://', $cloudId->getRemote(), 2);
                $remote = $tmpv[count($tmpv)-1];

The error was:

Undefined array key 1 at /var/www/nextcloud/apps/files_sharing/lib/External/Cache.php#41

So, now I’m still stuck in the same place, where I seem to get the notification, and can “accept” it, but it seems the process isn’t really completed because the file doesn’t show up. When I cancel the share, that action seems to be communicated properly.

I was able to federate my Talk conversations, and that seemed to go well. I can receive chat information. The federated participants don’t have access to video, which I’m assuming is normal. (Edit: I tried pasting an image into a federated chat, and the federated users received a message that a file was shared that is no longer available. On the federated user side, it says file upload is not available in the conversation when I try to paste in an image.)

I think once I get the recipe correct for the federation shares, it will be a very nice feature. I can only see myself growing the number of NC instances that I manage in the future.

Any help would be much appreciated.

tflidd · May 20, 2024, 7:54pm

I had two on the same vhost, so I needed to add this option in the config/config.php:
'allow_local_remote_servers' => true,

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#allow-local-remote-servers

ncuserm · May 20, 2024, 9:15pm

Thanks! I already have that one as well. I guess I forgot to add that to my description. On the new instance, I did initially forget to add it. Hmm.

wwe · May 21, 2024, 8:25am

take a look at user_migration user-migration-app which is designed to perform data migration to a different instance (but from the user perspective).

ncuserm · May 21, 2024, 7:28pm

Ah … I had forgotten about that. Thanks!

ncuserm · May 21, 2024, 7:38pm

Just some more thoughts on the federation idea …

Regarding the activity log (the lighting bolt) when doing a share …

On the shared-to side I get:

You received a new remote share <filename> from  <Human Name>@server.example.com

And then when I accept, on the shared-from side I get:

<username>@server.example.com
 accepted the remote share of <filename>

That’s what’s in the activity logs.

Then when I unshare I get on the shared-to side:

<username>@ver.example.com unshared <filename> from you

Questions:

Is the the full normal activities that should be listed?
I noticed that it’s using a mixture of the “human name” and the login name.
There are there letters missing from the beginning of the server name on the unshare message.

Any thoughts would be appreciated.

ncuserm · September 17, 2024, 2:38pm

After updating one of my instances to NC30, and having my test instance updated to the release as well, I attempted federated file sharing again.

I found, pleasantly, that I can get sharing to work!

There may be a slight formatting problem with the shared file name in the, for instance, pending shares area, as it is postfixed with two closing curly braces. However, the function seems work OK.

By the way, a big thank you for adding the remote system name to the names in the sharing dropdown. I was starting to change all my display names on all my instances to I could tell them apart.

However, I find that I have trouble sharing without adding the scheme to the remote server. The problem includes using the remote directory entry by name. At one point, I had a log entry that said something like the federated name was invalid. However, trying again today, I didn’t see a log message. The behavior is that the share doesn’t show up to be accepted at the remote end. I haven’t looked at the network level to see if the sharing server even attempts to contact the other server.

By the way, I hate the fact that the short form of the federated ID which is shown in the personal settings → sharing area (without the scheme) is mostly interpreted as an e-mail address. I’m not interested in that kind of share right now anyway. I kind of think the listed federated ID should include the scheme.