docs: Phase 2 Lab 03 complete -- 45/120 labs (37.5%), CHANGELOG v1.5.0

Author: RedjiJB

CHANGELOG.md

@@ -8,12 +8,106 @@ This project adheres to [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
 
 ## [Unreleased]
 
-### Planned — Next Up (Phase 2 Sprint)
-- Phase 2 Lab 01 (Standalone) for: Nextcloud, Mattermost, Jitsi, iRedMail, Zammad
+### Planned — Next Up (Phase 2 Lab 04 Sprint)
+- Phase 2 Lab 04 (SSO Integration) for: Nextcloud, Mattermost, Jitsi, iRedMail, Zammad
 - `it-stack-installer` operational scripts (`clone-all-repos.ps1`, `update-all-repos.ps1`, `install-tools.ps1`)
 
 ---
 
+## [1.5.0] — 2026-03-01
+
+### Added — Phase 2 Lab 03: Advanced Features (all 5 Phase 2 modules)
+
+Lab progress: 40/120 → 45/120 (33.3% → 37.5%). Phase 2 Lab 03 (Advanced Features) complete for all 5 Phase 2 modules.
+
+| Module | Key Advanced Features | Key Lab 03 Tests |
+|--------|----------------------|------------------|
+| Nextcloud (06) | cron worker container, PHP tuning (512M), Redis `allkeys-lru`, trusted proxies | `backgroundjobs_mode=cron` via occ, `PHP_MEMORY_LIMIT=512M` in env, memory limit 1G |
+| Mattermost (07) | MinIO S3 storage, `MaxFileSize=524288000` (500MB), read/write timeout 300s, login retry limit | `MM_FILESETTINGS_MAXFILESIZE` in env + API, `DriverName=amazons3` in config |
+| Jitsi (08) | JWT authentication (`APP_SECRET=JitsiJWT03!`), coturn TURN server, guest access | `ENABLE_AUTH=1`, `AUTH_TYPE=jwt`, `APP_ID=jitsi` in web+prosody env, TURN :3478 |
+| iRedMail (09) | DKIM signing (`ENABLE_DKIM=1`, selector=lab), LDAP readonly bind, SMTP STARTTLS | DKIM keys in `/opt/dkim/`, STARTTLS in EHLO response, resource limit 1G |
+| Zammad (11) | `RAILS_MAX_THREADS=5`, `WEB_CONCURRENCY=2`, ES indices, Redis `allkeys-lru` | `RAILS_MAX_THREADS=5` in railsserver env, `zammad_*` indices in ES, resource limit 2G |
+
+#### Architecture Notes (Lab 03)
+
+```
+Theme:       Resource limits on all containers + module-specific advanced production features
+Nextcloud:   4-container stack: db+redis+app+cron; cron replaces ajax background jobs
+Mattermost:  5-container stack adds MinIO S3; MM_FILESETTINGS_DRIVERNAME=amazons3
+Jitsi:       5-container stack adds JWT auth layer; ENABLE_GUESTS=1 allows anonymous after auth
+iRedMail:    3-container stack; DKIM keys generated at /opt/dkim/; POSTFIX relays via mailhog
+Zammad:      7-container stack (init+railsserver+scheduler+websocket+nginx+pg+es+redis+smtp)
+             RAILS_MAX_THREADS=5, WEB_CONCURRENCY=2 tune Ruby concurrency
+```
+
+#### CI Workflow Updates
+
+All 5 Phase 2 CI workflows updated — `lab-03-smoke` job appended to each (after `lab-02-smoke`), with compose-specific wait conditions and `continue-on-error: true`.
+
+---
+
+## [1.4.0] — 2026-02-28
+
+### Added — Phase 2 Lab 02: External Dependencies (all 5 Phase 2 modules)
+
+Lab progress: 35/120 → 40/120 (29.2% → 33.3%). Phase 2 Lab 02 (External Dependencies) complete for all 5 Phase 2 modules.
+
+| Module | Key External Deps | Key Lab 02 Tests |
+|--------|-------------------|------------------|
+| Nextcloud (06) | postgres:16-alpine, redis:7-alpine (2 networks) | DB type = pgsql via `occ config:system:get dbtype`, Redis in config.php |
+| Mattermost (07) | postgres:16-alpine, redis:7-alpine, mailhog SMTP relay | SMTP relay: `SMTPServer` = `smtp` verified via config API |
+| Jitsi (08) | coturn:4.6 TURN/STUN (2 networks: jitsi-net + turn-net) | TURN TCP :3478 reachable, config.js TURN config present |
+| iRedMail (09) | osixia/openldap:1.5.0, mailhog SMTP relay (2 networks) | LDAP search dc=lab,dc=local, readonly bind, SMTP/IMAP/SUBM banners |
+| Zammad (11) | postgres:15, elasticsearch:8, redis:7 (replaces memcached), mailhog (3 networks) | REDIS_URL=redis:// in container env (not memcached), Mailhog :8025 new |
+
+#### Architecture Notes (Lab 02)
+
+```
+Theme:       Each module connects to externally-managed services on separate Docker networks
+             simulating real LAN topology (app ↔ db on dedicated subnets)
+Nextcloud:   nc-app-net (app+redis) + nc-db-net (app+db); REDIS_HOST_PASSWORD=Lab02Redis!
+Mattermost:  mm-app-net + mm-data-net; MM_EMAILSETTINGS_SMTPSERVER=smtp (mailhog)
+Jitsi:       jitsi-net (all Jitsi components) + turn-net (coturn); coturn --user=jitsi:TurnPass1!
+iRedMail:    mail-app-net + mail-dir-net; LDAP_BIND_DN=cn=readonly,dc=lab,dc=local
+Zammad:      zammad-app-net + zammad-data-net + zammad-mail-net; REDIS_URL replaces MEMCACHE_SERVERS
+```
+
+#### CI Workflow Updates
+
+All 5 Phase 2 CI workflows updated — `lab-02-smoke` job appended to each, including real wait conditions for PG/Redis/ES/LDAP/TURN/API readiness before running lab scripts.
+
+---
+
+## [1.3.0] — 2026-02-28
+
+### Added — Phase 2 Lab 01: Standalone (all 5 Phase 2 modules)
+
+Lab progress: 30/120 → 35/120 (25.0% → 29.2%). Phase 2 Lab 01 (Standalone) complete for all 5 Phase 2 modules.
+
+| Module | Compose | Sidecar Services | Key Tests |
+|--------|---------|------------------|-----------|
+| Nextcloud (06) | `nextcloud:29-apache` :8080, SQLite auto | — | `status.php installed:true`, `occ status/user:list`, WebDAV PROPFIND, OCS Capabilities |
+| Mattermost (07) | `mattermost-team-edition:9.3` :8065 | postgres:16-alpine | API `/system/ping`, create team/channel, post message |
+| Jitsi (08) | web+prosody+jicofo+jvb `:stable-9753` | 4-container stack | HTTPS :8443, config.js, external_api.js, BOSH :5280, JVB logs |
+| iRedMail (09) | `iredmail/iredmail:stable` all-in-one | — | SMTP :9025, IMAP :9143, Submission :9587, Roundcube :9080/mail, Postfix/Dovecot/MariaDB |
+| Zammad (11) | `ghcr.io/zammad/zammad:6.3.0` × 5 | postgres:15, ES:8, memcached | PG/ES health, web :3000, API `/signshow`, create admin, railsserver |
+
+#### Architecture Notes (Lab 01)
+
+```
+Nextcloud:   SQLite (no external DB) — correct for standalone lab validation
+Mattermost:  Internal PG sidecar — no Keycloak, no FreeIPA at this stage
+Jitsi:       4 containers with xmpp.meet.jitsi network alias for XMPP DNS resolution
+iRedMail:    All-in-one container (Postfix+Dovecot+MariaDB+Nginx+Roundcube)
+Zammad:      YAML anchor x-zammad-env shared across 5 service containers; ES security disabled for lab
+```
+
+#### CI Workflow Updates
+
+All 5 CI workflows updated — `lab-01-smoke` job now uses correct module-specific test script names and real health-wait conditions (no more scaffold `sleep 30` or `test-lab-01.sh` references).
+
+---
+
 ## [1.2.0] — 2026-02-28
 
 ### Added — Phase 1 Lab 06: Production Deployment 🎉 Phase 1 Complete

docs/IT-STACK-TODO.md

@@ -207,15 +207,15 @@ All 5 repos have:
 
 ## Phase 5: Module Scaffolding — Deployment Phase 2 (Collaboration)
 
-> **Status: 🔶 SCAFFOLD COMPLETE** — repos created, scaffolded, 30 issues filed · Lab 01 content not yet written
+> **Status: ✅ LAB 01 COMPLETE** — repos scaffolded · 30 issues filed · Lab 01 (Standalone) fully implemented for all 5 modules
 
-- [x] `it-stack-nextcloud` — scaffolded · 6 compose stubs · 6 lab script stubs · CI ✅
-- [x] `it-stack-mattermost` — scaffolded · 6 compose stubs · 6 lab script stubs · CI ✅
-- [x] `it-stack-jitsi` — scaffolded · 6 compose stubs · 6 lab script stubs · CI ✅
-- [x] `it-stack-iredmail` — scaffolded · 6 compose stubs · 6 lab script stubs · CI ✅
-- [x] `it-stack-zammad` — scaffolded · 6 compose stubs · 6 lab script stubs · CI ✅
+- [x] `it-stack-nextcloud` — Lab 01 done · SQLite standalone · occ/WebDAV/OCS tests · CI updated ✅
+- [x] `it-stack-mattermost` — Lab 01 done · PG sidecar · API/team/channel/post tests · CI updated ✅
+- [x] `it-stack-jitsi` — Lab 01 done · 4-container stack · TLS/BOSH/config.js tests · CI updated ✅
+- [x] `it-stack-iredmail` — Lab 01 done · SMTP/IMAP/webmail · Postfix/Dovecot/MariaDB tests · CI updated ✅
+- [x] `it-stack-zammad` — Lab 01 done · PG+ES+memcached · API/railsserver/scheduler tests · CI updated ✅
 - [x] 30 issues filed, added to Project #7 + #10
-- [ ] Write real `docker-compose.standalone.yml` + `test-lab-XX-01.sh` (after Phase 1 Lab 06 complete)
+- [x] Real `docker-compose.standalone.yml` + `test-lab-XX-01.sh` written and pushed to main
 
 ---
 
@@ -306,17 +306,17 @@ All 5 repos have:
 
 | Module | Lab 01 | Lab 02 | Lab 03 | Lab 04 | Lab 05 | Lab 06 |
 |--------|--------|--------|--------|--------|--------|--------|
-| 06 · Nextcloud | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
-| 07 · Mattermost | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
-| 08 · Jitsi | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
+| 06 · Nextcloud | [x] | [x] | [x] | [ ] | [ ] | [ ] |
+| 07 · Mattermost | [x] | [x] | [x] | [ ] | [ ] | [ ] |
+| 08 · Jitsi | [x] | [x] | [x] | [ ] | [ ] | [ ] |
 
 ### Category 04: Communications
 
 | Module | Lab 01 | Lab 02 | Lab 03 | Lab 04 | Lab 05 | Lab 06 |
 |--------|--------|--------|--------|--------|--------|--------|
-| 09 · iRedMail | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
+| 09 · iRedMail | [x] | [x] | [x] | [ ] | [ ] | [ ] |
 | 10 · FreePBX | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
-| 11 · Zammad | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
+| 11 · Zammad | [x] | [x] | [x] | [ ] | [ ] | [ ] |
 
 ### Category 05: Business Systems
 
@@ -342,7 +342,7 @@ All 5 repos have:
 | 19 · Zabbix | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
 | 20 · Graylog | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
 
-**Lab Progress:** 30/120 (25.0%) — Phase 1 Labs 01–06 complete for all 5 Phase 1 modules ✅ Phase 1 DONE
+**Lab Progress:** 45/120 (37.5%) — Phase 1 complete (30/120) ✅ · Phase 2 Labs 01–03 complete ✅ · Phase 2 Lab 03 (Advanced Features) complete for Nextcloud, Mattermost, Jitsi, iRedMail, Zammad ✅
 
 ---
 
@@ -466,11 +466,14 @@ All 5 repos have:
 | ~~Sprint 4~~ | ~~Phase 1 Lab 04 (SSO integration)~~ | ~~freeipa·keycloak·postgresql·redis·traefik Lab 04~~ ✅ |
 | ~~Sprint 5~~ | ~~Phase 1 Lab 05 (integrations)~~ | ~~All 5 Lab 05~~ ✅ |
 | ~~Sprint 6~~ | ~~Phase 1 Lab 06 (production)~~ | ~~All 5 Lab 06 → Phase 1 complete~~ ✅ |
-| Next session | Phase 2 Lab 01 (standalone) | nextcloud·mattermost·jitsi·iredmail·zammad Lab 01 |
-| Sprint 7+ | Phase 2 Labs 02–06 | Phase 2 full lab progression |
+| ~~Sprint 7~~ | ~~Phase 2 Lab 01 (standalone)~~ | ~~nextcloud·mattermost·jitsi·iredmail·zammad Lab 01~~ ✅ |
+| ~~Sprint 8~~ | ~~Phase 2 Lab 02 (external deps)~~ | ~~nextcloud·mattermost·jitsi·iredmail·zammad Lab 02~~ ✅ |
+| ~~Sprint 9~~ | ~~Phase 2 Lab 03 (advanced features)~~ | ~~nextcloud·mattermost·jitsi·iredmail·zammad Lab 03~~ ✅ |
+| Next session | Phase 2 Lab 04 (SSO integration) | nextcloud·mattermost·jitsi·iredmail·zammad Lab 04 |
+| Sprint 10+ | Phase 2 Labs 05–06 | Phase 2 full lab progression |
 
 ---
 
-**Document Version:** 1.2  
+**Document Version:** 1.4  
 **Project:** IT-Stack | **Org:** it-stack-dev  
-**Last Updated:** 2026-02-28 — Phase 1 Lab 06 complete (30/120 labs, 25.0%) — Phase 1 COMPLETE ✅
+**Last Updated:** 2026-03-01 — Phase 2 Lab 03 complete (45/120 labs, 37.5%) — Sprint 9 done 🚀