feat(deploy): deprecate direct Docker access and Docker Socket Proxy, scheduled for removal in Nextcloud 35

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>

Author: oleksandr-nc

CHANGELOG.md

@@ -9,6 +9,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [34.0.0]
+
+### Deprecated
+
+- Direct Docker access via Docker Socket Proxy is deprecated and scheduled for removal in Nextcloud 35. Migrate `docker-install` daemons to HaRP.
+- AIO Docker Socket Proxy auto-registration (`AIODockerActions::registerAIODaemonConfig`) is deprecated in favor of the HaRP-based AIO daemon.
+
+
 ## [3.2.0 - 2024-09-10]
 
 ### Added

js/app_api-adminSettings.js

@@ -34,7 +34,7 @@ protected function configure(): void {
 
 		$this->addArgument('name', InputArgument::REQUIRED, 'Unique deploy daemon name');
 		$this->addArgument('display-name', InputArgument::REQUIRED);
-		$this->addArgument('accepts-deploy-id', InputArgument::REQUIRED, 'The deployment method that the daemon accepts. Can be "manual-install" or "docker-install". "docker-install" is for Docker Socket Proxy and HaRP.');
+		$this->addArgument('accepts-deploy-id', InputArgument::REQUIRED, 'The deployment method that the daemon accepts. Can be "manual-install", "docker-install", or "kubernetes-install". "docker-install" is for HaRP (recommended) and the legacy Docker Socket Proxy (deprecated, scheduled for removal in Nextcloud 35).');
 		$this->addArgument('protocol', InputArgument::REQUIRED, 'The protocol used to connect to the daemon. Can be "http" or "https".');
 		$this->addArgument('host', InputArgument::REQUIRED, 'The hostname (and port) or path at which the Docker socket proxy or HaRP or the manual-install app is/would be available. This does not need to be a public host, just a host accessible by the Nextcloud server. It can also be a path to the Docker socket. (e.g. appapi-harp:8780, /var/run/docker.sock)');
 		$this->addArgument('nextcloud_url', InputArgument::REQUIRED);
@@ -161,6 +161,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			$output->writeln('<comment>Warning: The host contains a port, which will be ignored for manual-install daemons. The ExApp\'s port from --json-info will be used instead.</comment>');
 		}
 
+		if ($acceptsDeployId === 'docker-install' && !$isHarp) {
+			$output->writeln('<comment>Warning: Direct Docker access (Docker Socket Proxy) is deprecated and will be removed in Nextcloud 35. Please register a HaRP-based daemon instead (pass --harp).</comment>');
+		}
+
 		if ($this->daemonConfigService->getDaemonConfigByName($name) !== null) {
 			$output->writeln(sprintf('Registration skipped, as the daemon config `%s` already exists.', $name));
 			return 0;

js/app_api-adminSettings.js.map

@@ -18,7 +18,9 @@
  * Class with utils methods for AIO setup
  */
 class AIODockerActions {
+	/** @deprecated since AppAPI 34.0.0, scheduled for removal in Nextcloud 35. Use AIO_HARP_DAEMON_CONFIG_NAME instead. */
 	public const AIO_DAEMON_CONFIG_NAME = 'docker_aio';
+	/** @deprecated since AppAPI 34.0.0, scheduled for removal in Nextcloud 35. Use AIO_HARP_HOST instead. */
 	public const AIO_DOCKER_SOCKET_PROXY_HOST = 'nextcloud-aio-docker-socket-proxy:2375';
 	public const AIO_HARP_DAEMON_CONFIG_NAME = 'harp_aio';
 	public const AIO_HARP_HOST = 'nextcloud-aio-harp:8780';
@@ -37,7 +39,10 @@ public function isAIO(): bool {
 	}
 
 	/**
-	 * Registers DaemonConfig with default params to use AIO Docker Socket Proxy
+	 * Registers DaemonConfig with default params to use AIO Docker Socket Proxy.
+	 *
+	 * @deprecated since AppAPI 34.0.0, scheduled for removal in Nextcloud 35.
+	 *             Use {@see registerAIOHarpDaemonConfig()} instead.
 	 */
 	public function registerAIODaemonConfig(): ?DaemonConfig {
 		$defaultDaemonConfig = $this->appConfig->getValueString(Application::APP_ID, 'default_daemon_config', lazy: true);
@@ -83,7 +88,10 @@ public function isHarpEnabled(): bool {
 	}
 
 	/**
-	 * Check if Docker Socket Proxy is enabled in AIO
+	 * Check if Docker Socket Proxy is enabled in AIO.
+	 *
+	 * @deprecated since AppAPI 34.0.0, scheduled for removal in Nextcloud 35.
+	 *             The Docker Socket Proxy deployment mode is being replaced by HaRP.
 	 */
 	public function isDockerSocketProxyEnabled(): bool {
 		$dspEnabled = getenv('DOCKER_SOCKET_PROXY_ENABLED');

lib/Command/Daemon/RegisterDaemon.php

@@ -12,6 +12,7 @@
 use OCA\AppAPI\Db\DaemonConfig;
 use OCA\AppAPI\Db\DaemonConfigMapper;
 
+use OCA\AppAPI\DeployActions\DockerActions;
 use OCA\AppAPI\DeployActions\KubernetesActions;
 use OCA\AppAPI\DeployActions\ManualActions;
 use OCP\AppFramework\Db\DoesNotExistException;
@@ -77,6 +78,12 @@ public function registerDaemonConfig(array $params): ?DaemonConfig {
 			$this->logger->error('Failed to register daemon configuration: setting `net=host` in HaRP is not supported when communication with ExApps is done directly without FRP.');
 			return null;
 		}
+		if ($params['accepts_deploy_id'] === DockerActions::DEPLOY_ID && empty($params['deploy_config']['harp'])) {
+			$this->logger->warning(sprintf(
+				'Daemon "%s" uses direct Docker access (Docker Socket Proxy). This deployment method is deprecated and will be removed in Nextcloud 35. Please migrate to a HaRP-based daemon.',
+				$params['name'],
+			));
+		}
 		$params['deploy_config']['nextcloud_url'] = rtrim($params['deploy_config']['nextcloud_url'], '/');
 		try {
 			if (isset($params['deploy_config']['haproxy_password']) && $params['deploy_config']['haproxy_password'] !== '') {

lib/DeployActions/AIODockerActions.php

@@ -18,6 +18,10 @@
 					{{ t('app_api', 'The "Manual install" daemon is usually used for development. It cannot be set as the default daemon.') }}
 				</NcNoteCard>
 
+				<NcNoteCard v-if="isDeprecatedDirectDocker" type="warning">
+					{{ t('app_api', 'Direct Docker access (Docker Socket Proxy) is deprecated and will be removed in Nextcloud 35. Please migrate to a HaRP-based daemon.') }}
+				</NcNoteCard>
+
 				<NcNoteCard v-if="daemon.accepts_deploy_id === 'kubernetes-install'" type="info">
 					{{ t('app_api', 'This is a Kubernetes daemon managed via CLI.') }}
 				</NcNoteCard>
@@ -127,6 +131,11 @@ export default {
 			verifying: false,
 		}
 	},
+	computed: {
+		isDeprecatedDirectDocker() {
+			return this.daemon.accepts_deploy_id === 'docker-install' && !this.daemon.deploy_config?.harp
+		},
+	},
 	methods: {
 		closeModal() {
 			this.$emit('update:show', false)

lib/Service/DaemonConfigService.php

@@ -9,6 +9,9 @@
 			@close="closeModal">
 			<div class="register-daemon-config-body">
 				<h2>{{ isEdit ? t('app_api', 'Edit the deploy daemon') : t('app_api', 'Register a new deploy daemon') }}</h2>
+				<NcNoteCard v-if="isDeprecatedDirectDocker" type="warning">
+					{{ t('app_api', 'Direct Docker access (Docker Socket Proxy) is deprecated and will be removed in Nextcloud 35. Please migrate to a HaRP-based daemon.') }}
+				</NcNoteCard>
 				<div v-if="!isEdit" class="templates">
 					<NcSelect
 						id="daemon-template"
@@ -332,6 +335,7 @@ import { generateUrl } from '@nextcloud/router'
 import NcButton from '@nextcloud/vue/components/NcButton'
 import NcInputField from '@nextcloud/vue/components/NcInputField'
 import NcModal from '@nextcloud/vue/components/NcModal'
+import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
 import NcPasswordField from '@nextcloud/vue/components/NcPasswordField'
 import NcSelect from '@nextcloud/vue/components/NcSelect'
 import NcFormBoxSwitch from '@nextcloud/vue/components/NcFormBoxSwitch'
@@ -354,6 +358,7 @@ export default {
 		NcLoadingIcon,
 		NcModal,
 		NcInputField,
+		NcNoteCard,
 		NcPasswordField,
 		UnfoldLessHorizontal,
 		UnfoldMoreHorizontal,
@@ -403,7 +408,10 @@ export default {
 			registeringDaemon: false,
 			configurationTab: { id: DAEMON_TEMPLATES[0].name, label: DAEMON_TEMPLATES[0].displayName },
 			configurationTemplateOptions: [
-				...DAEMON_TEMPLATES.map(template => { return { id: template.name, label: template.displayName } }),
+				...DAEMON_TEMPLATES.map(template => ({
+					id: template.name,
+					label: template.deprecated ? `${template.displayName} (deprecated)` : template.displayName,
+				})),
 			],
 			verifyingDaemonConnection: false,
 			computeDevices: DAEMON_COMPUTE_DEVICES,
@@ -567,6 +575,9 @@ export default {
 		isK8s() {
 			return this.acceptsDeployId === 'kubernetes-install'
 		},
+		isDeprecatedDirectDocker() {
+			return this.acceptsDeployId === 'docker-install' && !this.isHarp
+		},
 	},
 	watch: {
 		configurationTab(newConfigurationTab) {

src/components/DaemonConfig/DaemonConfigDetailsModal.vue

@@ -120,6 +120,7 @@ export const DAEMON_TEMPLATES = [
 		name: 'docker_socket_proxy',
 		displayName: 'Docker Socket Proxy',
 		acceptsDeployId: 'docker-install',
+		deprecated: true,
 		httpsEnabled: false,
 		host: 'nextcloud-appapi-dsp:2375',
 		nextcloud_url: null,
@@ -144,6 +145,7 @@ export const DAEMON_TEMPLATES = [
 		name: 'custom',
 		displayName: 'Custom Default',
 		acceptsDeployId: 'docker-install',
+		deprecated: true,
 		httpsEnabled: false,
 		host: 'nextcloud-appapi-dsp:2375',
 		nextcloud_url: null,
@@ -168,6 +170,7 @@ export const DAEMON_TEMPLATES = [
 		name: 'docker_aio',
 		displayName: 'All-in-One',
 		acceptsDeployId: 'docker-install',
+		deprecated: true,
 		httpsEnabled: false,
 		host: 'nextcloud-aio-docker-socket-proxy:2375',
 		nextcloud_url: null,