From 0b736a92f9f5088bd296d7e1856f6e7c33237335 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Sat, 11 Apr 2026 21:56:21 +0200 Subject: [PATCH] docs: update env var references to new naming convention architecture.md runtime/deployment section rewritten with correct CAMELEER_SAAS_PROVISIONING_* and CAMELEER_SERVER_* env vars. user-manual.md updated container resource env vars and removed stale CAMELEER_TENANT_SLUG reference. HOWTO.md cleaned up. Co-Authored-By: Claude Opus 4.6 (1M context) --- CLAUDE.md | 2 +- HOWTO.md | 4 +--- docs/architecture.md | 44 ++++++++++++++++++++++++++++---------------- docs/user-manual.md | 9 +++------ 4 files changed, 33 insertions(+), 26 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index deb6f1b..0b373cb 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -343,7 +343,7 @@ PostgreSQL (Flyway): `src/main/resources/db/migration/` # GitNexus — Code Intelligence -This project is indexed by GitNexus as **cameleer-saas** (2467 symbols, 5337 relationships, 207 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. +This project is indexed by GitNexus as **cameleer-saas** (2470 symbols, 5338 relationships, 207 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely. > If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first. diff --git a/HOWTO.md b/HOWTO.md index ce6fd50..5674f64 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -63,10 +63,8 @@ Edit `.env` and set at minimum: ```bash # Change in production POSTGRES_PASSWORD= -CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN= -CAMELEER_TENANT_SLUG= # e.g., "acme" — tags all observability data -# Logto M2M credentials (get from Logto admin console after first boot) +# Logto M2M credentials (auto-provisioned by bootstrap, or get from Logto admin console) CAMELEER_SAAS_IDENTITY_M2MCLIENTID= CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET= ``` 
diff --git a/docs/architecture.md b/docs/architecture.md index 22877d3..c6ed50d 100644 --- a/docs/architecture.md +++ b/docs/architecture.md 
@@ -872,31 +872,43 @@ state (`currentTenantId`). Provides `logout` and `signIn` callbacks. | `CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET` | (empty) | M2M app client secret (from bootstrap) | | `CAMELEER_SAAS_IDENTITY_SPACLIENTID` | (empty) | SPA app client ID (fallback; bootstrap preferred) | -**Runtime / Deployment:** +**Provisioning** (`cameleer.saas.provisioning.*` / `CAMELEER_SAAS_PROVISIONING_*`): | Variable | Default | Description | |-----------------------------------|------------------------------------|----------------------------------| -| `CAMELEER3_SERVER_ENDPOINT` | `http://cameleer3-server:8081` | cameleer3-server internal URL | -| `CAMELEER_JAR_STORAGE_PATH` | `/data/jars` | JAR upload storage directory | -| `CAMELEER_RUNTIME_BASE_IMAGE` | `cameleer-runtime-base:latest` | Base Docker image for app builds | -| `CAMELEER_DOCKER_NETWORK` | `cameleer` | Docker network for containers | -| `CAMELEER_CONTAINER_MEMORY_LIMIT`| `512m` | Per-container memory limit | -| `CAMELEER_CONTAINER_CPU_SHARES` | `512` | Per-container CPU shares | -| `CLICKHOUSE_URL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse JDBC URL | -| `CLICKHOUSE_ENABLED` | `true` | Enable ClickHouse integration | -| `CLICKHOUSE_USERNAME` | `default` | ClickHouse user | -| `CLICKHOUSE_PASSWORD` | (empty) | ClickHouse password | -| `DOMAIN` | `localhost` | Base domain for Traefik routing | +| `CAMELEER_SAAS_PROVISIONING_SERVERIMAGE` | `gitea.siegeln.net/cameleer/cameleer3-server:latest` | Docker image for per-tenant server | +| `CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE` | `gitea.siegeln.net/cameleer/cameleer3-server-ui:latest` | Docker image for per-tenant UI | +| `CAMELEER_SAAS_PROVISIONING_NETWORKNAME` | `cameleer-saas_cameleer` | Shared services Docker network | +| `CAMELEER_SAAS_PROVISIONING_TRAEFIKNETWORK` | `cameleer-traefik` | Traefik Docker network | +| `CAMELEER_SAAS_PROVISIONING_PUBLICHOST` | `localhost` | Public hostname (same as infrastructure `PUBLIC_HOST`) | +| 
`CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL` | `https` | Public protocol (same as infrastructure `PUBLIC_PROTOCOL`) | +| `CAMELEER_SAAS_PROVISIONING_DATASOURCEURL` | `jdbc:postgresql://postgres:5432/cameleer3` | PostgreSQL URL passed to tenant servers | +| `CAMELEER_SAAS_PROVISIONING_CLICKHOUSEURL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse URL passed to tenant servers | -### 10.2 cameleer3-server +### 10.2 cameleer3-server (per-tenant) -| Variable | Default | Description | +Env vars injected into provisioned per-tenant server containers by `DockerTenantProvisioner`. All server properties use the `cameleer.server.*` prefix (env vars: `CAMELEER_SERVER_*`). + +| Variable | Default / Value | Description | |------------------------------|----------------------------------------------|----------------------------------| | `SPRING_DATASOURCE_URL` | `jdbc:postgresql://postgres:5432/cameleer3` | PostgreSQL JDBC URL | | `SPRING_DATASOURCE_USERNAME`| `cameleer` | PostgreSQL user | | `SPRING_DATASOURCE_PASSWORD`| `cameleer_dev` | PostgreSQL password | -| `CLICKHOUSE_URL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse JDBC URL | -| `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` | `default-bootstrap-token` | Agent bootstrap token | +| `CAMELEER_SERVER_CLICKHOUSE_URL` | `jdbc:clickhouse://clickhouse:8123/cameleer` | ClickHouse JDBC URL | +| `CAMELEER_SERVER_TENANT_ID` | *(tenant slug)* | Tenant identifier for data isolation | +| `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` | *(generated)* | Agent bootstrap token | +| `CAMELEER_SERVER_SECURITY_JWTSECRET` | *(generated)* | JWT signing secret | +| `CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}/oidc` | OIDC issuer for M2M tokens | +| `CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI` | `http://logto:3001/oidc/jwks` | Docker-internal JWK fetch | +| `CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE` | `https://api.cameleer.local` | JWT audience validation | +| 
`CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` | `${PUBLIC_PROTOCOL}://${PUBLIC_HOST}` | CORS for browser requests | +| `CAMELEER_SERVER_RUNTIME_ENABLED` | `true` | Enable Docker orchestration | +| `CAMELEER_SERVER_RUNTIME_SERVERURL` | `http://cameleer-server-{slug}:8081` | Per-tenant server URL | +| `CAMELEER_SERVER_RUNTIME_ROUTINGDOMAIN` | `${PUBLIC_HOST}` | Domain for Traefik routing | +| `CAMELEER_SERVER_RUNTIME_ROUTINGMODE` | `path` | `path` or `subdomain` routing | +| `CAMELEER_SERVER_RUNTIME_JARSTORAGEPATH` | `/data/jars` | JAR file storage directory | +| `CAMELEER_SERVER_RUNTIME_DOCKERNETWORK` | `cameleer-tenant-{slug}` | Primary network for app containers | +| `CAMELEER_SERVER_RUNTIME_JARDOCKERVOLUME` | `cameleer-jars-{slug}` | Docker volume for JAR sharing | | `CAMELEER_JWT_SECRET` | `cameleer-dev-jwt-secret-...` | HMAC secret for internal JWTs | | `CAMELEER_SERVER_TENANT_ID` | `default` | Tenant slug for data isolation | | `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` | (empty) | Logto issuer for M2M token validation | diff --git a/docs/user-manual.md b/docs/user-manual.md index 821f4c4..0d2cdfd 100644 --- a/docs/user-manual.md +++ b/docs/user-manual.md 
@@ -440,11 +440,8 @@ Copy `.env.example` to `.env` and configure as needed: | `CAMELEER_SAAS_IDENTITY_M2MCLIENTID` | Machine-to-machine client ID (auto-set by bootstrap) | _(empty)_ | | `CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET` | Machine-to-machine client secret (auto-set by bootstrap) | _(empty)_ | | `CAMELEER_SAAS_IDENTITY_SPACLIENTID` | SPA client ID for the frontend | _(empty)_ | -| `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` | Bootstrap token for agent registration | `change_me_bootstrap_token` | -| `CAMELEER_CONTAINER_MEMORY_LIMIT` | Memory limit for deployed containers | `512m` | -| `CAMELEER_CONTAINER_CPU_SHARES` | CPU shares for deployed containers | `512` | -| `CAMELEER_TENANT_SLUG` | Default tenant slug | `default` | -| `DOMAIN` | Domain for Traefik TLS and route URLs | `localhost` | +| `PUBLIC_HOST` | Public hostname for Traefik, Logto, and SaaS routing | `localhost` | +| `PUBLIC_PROTOCOL` | Public protocol (`http` or `https`) | `https` | | `SAAS_ADMIN_USER` | Platform admin username | `admin` | | `SAAS_ADMIN_PASS` | Platform admin password | `admin` | | `TENANT_ADMIN_USER` | Tenant admin username | `camel` | @@ -598,7 +595,7 @@ The Cameleer SaaS application itself does not need any changes -- all identity c 1. Check the container logs from the Logs tab on the app detail page. 2. If the app crashes immediately, verify the JAR file is a valid executable Spring Boot or Camel application. -3. To increase memory limits, set `CAMELEER_CONTAINER_MEMORY_LIMIT` to a higher value (e.g., `1g`) in `.env` and restart the stack. +3. To increase memory limits, set `CAMELEER_SERVER_RUNTIME_CONTAINER_MEMORYLIMIT` to a higher value (e.g., `1g`) on the per-tenant server container and restart it. ### Bootstrap Script Errors
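Review bot: the `CLAUDE.md` hunk only bumps the GitNexus index counts (2467 to 2470 symbols, 5337 to 5338 relationships), which is unrelated to the env-var rename and is not mentioned in the commit message; either split it into its own commit or add a line to the message so the docs change stays reviewable on its own.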
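Review bot: after the `HOWTO.md` hunk the `# Change in production` comment covers only `POSTGRES_PASSWORD`, and the bootstrap token and tenant slug vanish from the minimum `.env` list without explanation. Since the `docs/architecture.md` hunk now lists `CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN` and `CAMELEER_SERVER_SECURITY_JWTSECRET` as *(generated)* per tenant, add a one-line note here that those secrets are generated by the provisioner and no longer need to be set by hand, so readers upgrading an existing `.env` do not keep a hand-set token around expecting it to be honoured.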
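Review bot: the `docs/architecture.md` hunk leaves stale rows at the bottom of the 10.2 table that now conflict with the added ones: the unchanged context lines `| CAMELEER_SERVER_TENANT_ID | default |`, `| CAMELEER_JWT_SECRET | cameleer-dev-jwt-secret-... |` and `| CAMELEER_SERVER_SECURITY_OIDCISSUERURI | (empty) |` sit directly below the new `CAMELEER_SERVER_TENANT_ID` *(tenant slug)*, `CAMELEER_SERVER_SECURITY_JWTSECRET` *(generated)* and `CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI` rows, so the reader sees two tenant-id defaults, two JWT-secret variable names and two spellings of the issuer property. Drop or fold the old rows so each injected variable appears once. It would also help to add one sentence under the heading stating that `CAMELEER_SERVER_SECURITY_OIDC_ISSUERURI` is the public issuer the tokens carry while `CAMELEER_SERVER_SECURITY_OIDC_JWKSETURI` is fetched over plain `http://logto:3001` on the Docker-internal network, and that this relies on that network not being reachable from outside; without that sentence the issuer/JWKS host mismatch reads like a typo.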
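Review bot: the first `docs/user-manual.md` hunk removes the `CAMELEER_CONTAINER_MEMORY_LIMIT` and `CAMELEER_CONTAINER_CPU_SHARES` rows without listing replacements, while the troubleshooting hunk below points users at `CAMELEER_SERVER_RUNTIME_CONTAINER_MEMORYLIMIT`, a variable that neither this table nor the new 10.2 table in `docs/architecture.md` documents, and the CPU-shares setting has no successor anywhere in the patch. Either add the runtime container limits to the per-tenant table or state explicitly that they are not user-configurable.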
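Review bot: the troubleshooting step in the second `docs/user-manual.md` hunk tells the reader to set `CAMELEER_SERVER_RUNTIME_CONTAINER_MEMORYLIMIT` "on the per-tenant server container and restart it", but the `docs/architecture.md` hunk says those env vars are injected by `DockerTenantProvisioner`, so a value edited on the running container by hand is lost the next time the tenant is re-provisioned. Say where the setting is persisted (provisioner configuration or a SaaS-level variable), or mark the container edit as a temporary override.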