
mastodon-ansible's Introduction

Ansible playbook for installing Mastodon

This playbook contains several roles for provisioning a ready-to-go Mastodon instance.

Prerequisites for running the playbook

  • Python 3.10.x
  • Virtualenv (>= 20.x)
  • pip/python-pip (>= 20.x)

For testing purposes:

  • Vagrant >= 2.3.5

Setup

$ virtualenv -p /usr/bin/python3 env
$ source env/bin/activate
$ git clone https://github.com/mastodon/mastodon-ansible.git
$ cd mastodon-ansible
$ pip install -r requirements.txt

Running the playbooks

Bare

This playbook is intended to be run on a "bare" (virtual) server, with support for provisioning the Mastodon stack as well as a PostgreSQL and Redis database.

Typing secret content directly at the command line (without a prompt) leaves the secret string in your shell history. You should use Ansible Vault to secure your Mastodon database credentials for use with Ansible instead.

The /templates/secrets.yml.tpl contains an example template that you can use.

To encrypt secrets.yml, use the following command:

$ ansible-vault encrypt secrets.yml

Then run the playbook as follows:

$ ansible-playbook bare/playbook.yml --ask-vault-pass -i <your-host-here>, -u <remote-user> --ask-become-pass -e 'ansible_python_interpreter=/usr/bin/python3' --extra-vars="@secrets.yml"
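
The following shell functions are an added example, not code from mastodon-ansible. They create secrets.yml without typing any secret at the prompt and report whether the file is vault-encrypted before it is passed with --extra-vars. The function names and the generated password format are assumptions; the variable names are the ones this README passes via --extra-vars.

```shell
#!/bin/sh
# Added example, not part of mastodon-ansible.

# 48 hex characters (192 bits) read from the kernel CSPRNG.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# write_secrets FILE LOCAL_DOMAIN MASTODON_HOST
# Creates FILE owner-only (umask 077). No secret is ever placed in argv,
# so nothing lands in shell history or the process list.
write_secrets() {
    out=$1 domain=$2 host=$3
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    (
        umask 077
        cat > "$out" <<EOF
mastodon_db_password: "$(gen_password)"
redis_pass: "$(gen_password)"
local_domain: "$domain"
mastodon_host: "$host"
EOF
    )
}

# secrets_status FILE
# Prints one of: missing, encrypted, plaintext-private, plaintext-exposed.
# Files written by ansible-vault start with the "$ANSIBLE_VAULT;" header.
secrets_status() {
    f=$1
    if [ ! -f "$f" ]; then
        echo missing
    elif head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
        echo encrypted
    else
        # GNU stat first, BSD stat as a fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case $mode in
            600|400) echo plaintext-private ;;
            *)       echo plaintext-exposed ;;
        esac
    fi
}

# Gate for wrappers and CI: succeed only for a vault-encrypted file.
require_encrypted() {
    [ "$(secrets_status "$1")" = encrypted ]
}

# Typical use (needs Ansible installed):
#   write_secrets secrets.yml mastodon.local example.com
#   ansible-vault encrypt secrets.yml
#   require_encrypted secrets.yml && ansible-playbook bare/playbook.yml \
#       --ask-vault-pass -i <your-host-here>, -u <remote-user> \
#       --ask-become-pass --extra-vars="@secrets.yml"
```
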

If you prefer not to use Ansible Vault, you can run the playbook as follows:

$ ansible-playbook bare/playbook.yml -i <your-host-here>, -u <remote-user> --ask-become-pass -e 'ansible_python_interpreter=/usr/bin/python3' --extra-vars="mastodon_db_password=your-password redis_pass=your-password local_domain=mastodon.local mastodon_host=example.com"

The playbook uses become for some of its tasks, so the user you connect to the instance with must have sudo access. It should ask you for the password in due time.

Note: This assumes you're within the virtualenv already.

After the playbook has finished its execution, Mastodon should be available at the hostname you defined, and you're not required to run the Mastodon setup wizard. As email servers differ widely from configuration to configuration, you must edit the .env.production file and add your own email server details, followed by a restart of the Mastodon services.

To edit .env.production, follow these steps:

ssh yourmachine
su - mastodon
cd ~/live
nano .env.production
systemctl restart mastodon-*.service

To see a list of available environment variables for your Mastodon installation, please refer to the Mastodon documentation.

Roles

By default, the playbook runs all of the roles defined here in sequence. You can skip any of them by specifying --skip-tags=<role-name>.

Example

Skipping the postgres role:

$ ansible-playbook bare/playbook.yml --skip-tags=postgres -i <your-host>, -u <your-user>

Preflight Checks

This role verifies that, when you run this playbook, you're not jumping to a new major or minor version, to prevent potentially destructive operations. You can easily disable this role via a variable.

Settings

config setting | explanation
run_preflight_checks | If set to true, it will run verification

web

This role contains the following tasks:

  • repositories.yml: Adds required package repositories to pull in the latest software (e.g. yarn, nodejs)
  • packages.yml: Installs all the required packages for Mastodon to run (see vars/<distro>_vars.yml for a list)
  • ruby.yml: Installs rbenv/ruby globally so you can run Mastodon (it's a Ruby on Rails app)
  • user.yml: Adds a user to run Mastodon with since you shouldn't be running Mastodon under a privileged account.
  • firewall-cmd.yml: Starts and enables the firewall on RHEL based systems and permits SSH, HTTP and HTTPS, as not using a firewall is insecure.
  • ufw.yml: Starts and enables the firewall on Debian based systems and permits SSH, HTTP and HTTPS, as not using a firewall is insecure.
  • mastodon-preflight.yml: Downloads latest version of Mastodon and required dependencies for installing Ruby.
  • mastodon-postflight.yml: Installs latest version of Mastodon and all of its required dependencies. This role generates the required secrets and installs the env.production file, so you do not need to run the Mastodon setup wizard.
  • nginx.yml: Installs Mastodon configuration for NGINX and sets correct SELinux policies for RHEL systems.
  • nodejs.yml: Enables NodeJS 16 DNF module for RHEL 8 systems to ensure that we have correct NodeJS version installed.
  • redis.yml: Secures Redis installation with a password as you shouldn't run redis with no password protection.
  • selfsigned-ssl.yml: Generates self-signed SSL certificates when Let's Encrypt is not used, as Mastodon requires SSL to function.
  • letsencrypt.yml: Automatically requests and renews a Let's Encrypt SSL certificate for your Mastodon server. Please refer to the settings section for more information.

Settings

config setting | explanation
mastodon_host | The URL where your Mastodon instance is reachable. E.g. example.social
disable_hsts | By default the system will enable HSTS. You can set this to true if you want to disable it.
disable_letsencrypt | By default the system will attempt to obtain an SSL certificate via Let's Encrypt. You can set this to true if you want to disable it.
letsencrypt_email | Email to use during certificate registration with Let's Encrypt. This is mandatory.
use_legacy_certbot | Set this to false to use the new way of obtaining a Let's Encrypt certificate, which uses Python, venv and pip to fetch the latest versions. Disabling legacy certbot is heavily recommended for new deployments. Default is true for compatibility with previous versions of the playbook. Please note that deploying the new version of certbot may cause issues, and the two versions will conflict with each other if you do not remove the old version manually!
autoupdate_certbot | Requires use_legacy_certbot to be false! Schedules automatic updates of certbot per EFF recommendation. Default is false.
certbot_extra_param | Any additional parameters you want to pass to certbot during cert request. Default is blank.
use_http | By default the system will use HTTPS and redirect any HTTP traffic to HTTPS. With recent changes to Mastodon, the Puma server now enforces HTTPS, and unless you change the Mastodon configuration yourself, you will end up in a redirect loop, with NGINX trying to serve content via HTTP and Mastodon enforcing and switching to HTTPS over and over again. Don't enable this unless you REALLY know what you're doing.
nginx_catch_all | By default the system will only show Mastodon for the URL defined in mastodon_host. Useful for development or reverse proxy scenarios. Recommended to use with use_http. You can set this to true if you want to enable it.
mastodon_version | Specifies which version of Mastodon you want to download. Default is "latest".
mastodon_allow_prerelease | Specifies if you want to download release candidate builds of Mastodon when "latest" is specified. Default is "false".

PostgreSQL

This role installs PostgreSQL, adds a database (named mastodon_instance by default) and a user (named mastodon by default). To connect to the database it can use either a local socket, by setting the variable mastodon_db_login_unix_socket to the directory the Postgres socket lives in (/var/run/postgresql by default under Ubuntu 18.04), or a remote PostgreSQL instance you have installed somewhere else. In the remote case you will then have to set mastodon_db_login_host (IP address or hostname of the database), mastodon_db_port (the port the database is accessible on; default 5432), mastodon_db_login_user (the administrative user to connect to the database with) and mastodon_db_login_password.

Settings

config setting | explanation
mastodon_db | The database name
mastodon_db_user | Database user for Mastodon
mastodon_db_password | Database password for Mastodon
mastodon_db_login_unix_socket | Unix socket of the local PostgreSQL instance (not needed when using a remote connection)

If you configure your PostgreSQL on another server, you need to configure these settings additionally:

config setting | explanation
mastodon_db_login_host | Host of the PostgreSQL instance
mastodon_db_port | Port of the PostgreSQL instance
mastodon_db_login_user | Admin user to connect with
mastodon_db_login_password | Password of admin user

Examples

  • Install PostgreSQL, create the database and user:

$ ansible-playbook bare/playbook.yml -i <your-host-here>, -u <remote-user> --extra-vars="mastodon_db_password=your-password mastodon_db_login_unix_socket='/var/run/postgresql'"

  • PostgreSQL installed on host mastodon-db, create the database and the user:

$ ansible-playbook bare/playbook.yml -i <your-host-here>, -u <remote-user> --extra-vars="mastodon_db_password=your-password mastodon_db_login_host=mastodon-db mastodon_db_port=5432 mastodon_db_login_user=your-admin-db-user mastodon_db_login_password=your-password"

redis

This role installs the Redis key-value store, used by Mastodon, and its client libraries.

Settings

config setting | explanation
redis_pass | Password used to secure the redis server.

Docker

FIXME

Testing

Testing is done using Goss. The tests are in the goss.yaml file and include variables from the vars.yaml file.

Continuous Integration

This repository is regularly running tests using GitHub Actions. Its configuration can be found in .github/workflows/test.yml.

Local testing

$ vagrant up

This should provision a new instance within VirtualBox and run all the tests necessary to verify the Ansible playbook is valid. By default it runs the bare provisioning.

TODO

  • Add LB role

mastodon-ansible's People

Contributors

agru, alex9smith, antedebaas, berkes, bitboxer, danielroe, davidmhewitt, dependabot[bot], futoase, ltsavar, lukehoersten, moritzheiber, nd2687, phaer, simon-frankau, thunderysteak


mastodon-ansible's Issues

Add role for actually cloning/initializing Mastodon, including systemd service configurations

I'm currently interested in writing that role, since I need this playbook to work completely to deploy Mastodon. I've a few questions before starting, though:

  • What would be the best: deploying from packages or sources?
  • Would a split of tasks like this one be good? => a deploy.yml file included in the role/web/main.yml file, containing git clone / package install.

I'm still hesitating about the naming; if you have any suggestions I'll take them.

Amazing job for the rest of the env deployment otherwise!

Hoping you see this :)

Ansible 7.1.0 not found for the listed pip and python requirements

On Ubuntu focal 20.04 with

  • Python 3.8.10
  • virtualenv 20.0.17
  • pip 20.0.2

Running pip install -r requirements.txt throws:

ERROR: Could not find a version that satisfies the requirement ansible==7.1.0 (from -r requirements.txt (line 1)) (from versions: 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7, 1.7.1, 1.7.2, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0.1, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 2.0.0.0, 2.0.0.1, 2.0.0.2, 2.0.1.0, 2.0.2.0, 2.1.0.0, 2.1.1.0, 2.1.2.0, 2.1.3.0, 2.1.4.0, 2.1.5.0, 2.1.6.0, 2.2.0.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 2.3.0.0, 2.3.1.0, 2.3.2.0, 2.3.3.0, 2.4.0.0, 2.4.1.0, 2.4.2.0, 2.4.3.0, 2.4.4.0, 2.4.5.0, 2.4.6.0, 2.5.0a1, 2.5.0b1, 2.5.0b2, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.6.0a1, 2.6.0a2, 2.6.0rc1, 2.6.0rc2, 2.6.0rc3, 2.6.0rc4, 2.6.0rc5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.7.0.dev0, 2.7.0a1, 2.7.0b1, 2.7.0rc1, 2.7.0rc2, 2.7.0rc3, 2.7.0rc4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.8.0a1, 2.8.0b1, 2.8.0rc1, 2.8.0rc2, 2.8.0rc3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16rc1, 2.8.16, 2.8.17rc1, 2.8.17, 2.8.18rc1, 2.8.18, 2.8.19rc1, 2.8.19, 2.8.20rc1, 2.8.20, 2.9.0b1, 2.9.0rc1, 2.9.0rc2, 2.9.0rc3, 2.9.0rc4, 2.9.0rc5, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.9.14rc1, 2.9.14, 2.9.15rc1, 2.9.15, 2.9.16rc1, 2.9.16, 2.9.17rc1, 2.9.17, 2.9.18rc1, 2.9.18, 2.9.19rc1, 2.9.19, 2.9.20rc1, 2.9.20, 2.9.21rc1, 2.9.21, 2.9.22rc1, 2.9.22, 2.9.23rc1, 2.9.23, 2.9.24rc1, 2.9.24, 2.9.25rc1, 2.9.25, 2.9.26rc1, 2.9.26, 2.9.27rc1, 
2.9.27, 2.10.0a1, 2.10.0a2, 2.10.0a3, 2.10.0a4, 2.10.0a5, 2.10.0a6, 2.10.0a7, 2.10.0a8, 2.10.0a9, 2.10.0b1, 2.10.0b2, 2.10.0rc1, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 3.0.0b1, 3.0.0rc1, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 4.0.0a1, 4.0.0a2, 4.0.0a3, 4.0.0a4, 4.0.0b1, 4.0.0b2, 4.0.0rc1, 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 5.0.0a1, 5.0.0a2, 5.0.0a3, 5.0.0b1, 5.0.0b2, 5.0.0rc1, 5.0.1, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.7.1, 5.8.0, 5.9.0, 5.10.0, 6.0.0a1, 6.0.0a2, 6.0.0a3, 6.0.0b1, 6.0.0b2, 6.0.0rc1, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0)
ERROR: No matching distribution found for ansible==7.1.0 (from -r requirements.txt (line 1))

Bare playbooks needed a few modifications to run properly

Hello,

I had trouble running the bare playbook on a pristine Ubuntu VPS. Here are the steps/changes I needed to take to make things happen:

  1. Not 100% sure why, but I had to run the playbook from the root of the project, referencing bare/playbook.yml instead of from the bare folder, referencing only playbook.yml
  2. Add a mastodon_host variable alongside local_domain in my secrets.yml file (file that I also added to the .gitignore to avoid surprise leaks)
  3. Update the web/packages.yml to work with the structure of the variables, similarly to how the postgres/packages.yml worked
  4. Split the nginx installation into two steps, so that let's encrypt wouldn't hit a 403 forbidden due to wrong file permissions:
    1. Installing nginx and setting file permissions
    2. Configuring nginx to proxy mastodon
      this way, let's encrypt can be run between 1 and 2 and properly respond to the challenge. Otherwise, nginx would still be in the www-data group and not have access to Mastodon's public folder
  5. Update the letsencrypt task to use certbot and add it to the packages being installed
  6. Because of the domain I'm using, the email for mastodon wasn't on the mastodon domain so I added a mastodon_email variable to store it (alongside a letsencrypt_email one as well).

Feel free to have a look at these commits for the changes 😄

Missing variable mastodon_host

Hi. Thanks for the great playbook. Did I miss a step where I define a variable? TIA

fatal: [prox-vm-mastodon]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'mastodon_host' is undefined\n\nThe error appears to be in 'bare/roles/web/tasks/letsencrypt.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- stat: path=/etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - "{{ foo }}"\n"}

Make compatible with RHEL/CentOS 7

Hi there buddies,

If you want, I could develop some recipes to make those playbooks compatible with the Red Hat and CentOS platforms. Maybe also lend a hand with other issues ;).

Requirements:

  • Make Compatible with RHEL7/CentOS7
  • Adapt Vagrantfile for testing

jemalloc-devel missing on RHEL based distributions when performing manual updates

When performing manual update as instructed in main Mastodon releases using RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install, update fails due to missing package:

[mastodon@mastodon live]$ RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install
==> Downloading ruby-3.2.3.tar.gz...
-> curl -q -fL -o ruby-3.2.3.tar.gz https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.3.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19.6M  100 19.6M    0     0  86.4M      0 --:--:-- --:--:-- --:--:-- 86.4M
==> Installing ruby-3.2.3...
-> ./configure "--prefix=$HOME/.rbenv/versions/3.2.3" --enable-shared --with-ext=openssl,psych,+ --with-jemalloc

BUILD FAILED (Rocky Linux 8.9 on x86_64 using ruby-build 20240119)

You can inspect the build directory at /tmp/ruby-build.20240206185017.3936147.6dqyYl
See the full build log at /tmp/ruby-build.20240206185017.3936147.log
[mastodon@mastodon live]$ tail /tmp/ruby-build.20240206185017.3936147.log
checking for ucontext.h... yes
checking for utime.h... yes
checking for x86intrin.h... yes
checking for x86intrin.h when defined(__x86_64__)... yes
checking for gmp.h... no
checking for jemalloc/jemalloc.h... no
checking for jemalloc.h... no
checking for jemalloc library... no
configure: error: jemalloc requested but not found
external command failed with status 1

Installing the package fixes it and allows manual patching per Mastodon instructions

[mastodon@mastodon ~]$ sudo dnf install jemalloc-devel
Last metadata expiration check: 0:13:10 ago on Tue 06 Feb 2024 06:38:50 PM EST.
Dependencies resolved.
========================================================================================================================
 Package                          Architecture             Version                         Repository              Size
========================================================================================================================
Installing:
 jemalloc-devel                   x86_64                   5.2.1-2.el8                     epel                    88 k

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 88 k
Installed size: 214 k
Is this ok [y/N]: y
Downloading Packages:
jemalloc-devel-5.2.1-2.el8.x86_64.rpm                                                   256 kB/s |  88 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   106 kB/s |  88 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1
  Running scriptlet: jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1
  Verifying        : jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1

Installed:
  jemalloc-devel-5.2.1-2.el8.x86_64

Complete!
[mastodon@mastodon live]$ RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install
==> Downloading ruby-3.2.3.tar.gz...
-> curl -q -fL -o ruby-3.2.3.tar.gz https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.3.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19.6M  100 19.6M    0     0  86.8M      0 --:--:-- --:--:-- --:--:-- 86.8M
==> Installing ruby-3.2.3...
-> ./configure "--prefix=$HOME/.rbenv/versions/3.2.3" --enable-shared --with-ext=openssl,psych,+ --with-jemalloc
-> make -j 2
-> make install
==> Installed ruby-3.2.3 to /home/mastodon/.rbenv/versions/3.2.3

There might be a similar issue with Ubuntu/Debian distros that will require testing.

Permission steps during updates against an existing instance cause major playbook execution slowdowns & high CPU usage on NFS backed storage

When using the playbook against an existing instance (as part of updates) that is either a part of a larger relay, or has a lot of media files, the file permission tasks crawl media folders as well:
https://github.com/mastodon/mastodon-ansible/blob/main/bare/roles/web/tasks/mastodon-postflight.yml#L102

As Ansible crawls every single media file, it causes the execution to take way too long to perform as it edits every single media file permissions. In testing, it took over two hours and it appeared to be stuck.

This gets worse on NFS backed storage, as Ansible rapidly hammers it and causes the CPU to majorly spike up. Obviously this isn't really ideal.


Mastodon with NFS backed storage Playbook for error replication:
https://github.com/thunderysteak/steaks-ansible-playbooks/tree/main/nfs-mastodon-media

Suggestions on how to solve this:

  • Omit /home/mastodon/live/public/system from having chown tasks performed against it
  • Same as above but put it behind a feature flag for backwards compatibility with the default behavior being DISABLED.

Tasks that cause issues:

  • Ensure that we have correct file permissions with owner being the user and NGINX being the group
  • Ensure that we have correct file permissions with owner being the user and www-data being the group
  • Ensure that we have correct selinux context permissions for RedHat systems
  • Restore selinux condition on RedHat systems
  • Create folder structure for Mastodon public folder
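
The first two suggestions above, shown as an added shell example that is not part of the original issue or of the playbook's tasks: ownership is only touched where it is actually wrong, and the media folder public/system is pruned from the walk when a flag is set. The function names and the skip_media argument are assumptions; as in the issue's second suggestion, skipping is off unless requested.

```shell
#!/bin/sh
# Added example, not part of mastodon-ansible.

# _drift_find ROOT USER GROUP SKIP_MEDIA ACTION...
# Walks ROOT and applies ACTION to every path whose owner or group differs
# from USER/GROUP. With SKIP_MEDIA=true the walk never descends into
# ROOT/public/system, so an NFS-backed media store is not crawled at all.
_drift_find() {
    root=$1 user=$2 group=$3 skip_media=$4
    shift 4
    if [ "$skip_media" = true ]; then
        find "$root" -path "$root/public/system" -prune -o \
            \( ! -user "$user" -o ! -group "$group" \) "$@"
    else
        find "$root" \( ! -user "$user" -o ! -group "$group" \) "$@"
    fi
}

# ownership_drift ROOT USER GROUP [SKIP_MEDIA]
# Dry run: print the paths that would be changed.
ownership_drift() {
    _drift_find "$1" "$2" "$3" "${4:-false}" -print
}

# fix_ownership ROOT USER GROUP [SKIP_MEDIA]
# Change only the drifted paths; a second run finds nothing to do.
# -h changes a symlink itself instead of following it out of the tree.
fix_ownership() {
    _drift_find "$1" "$2" "$3" "${4:-false}" -exec chown -h "$2:$3" {} +
}

# Typical use (as root on the Mastodon host; user and group names depend on
# the distribution, as in the task names listed in the issue):
#   ownership_drift /home/mastodon/live mastodon www-data true
#   fix_ownership   /home/mastodon/live mastodon www-data true
```
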

Playbook runs fine on Debian stretch, what next -> Ruby problems

Hello,

I'm new to Ansible and was able to run it and it seems all went fine. Now I'm stuck a bit, because Gem wants to install to /usr/lib/.... but it's not allowed as user Mastodon.

I started with the production guide on "Dependencies That Need To Be Added As A Non-Root User"

mastodon@mammoth:~/live$ gem install bundler
ERROR:  While executing gem ... (Gem::FilePermissionError)
    You don't have write permissions for the /usr/lib/rbenv/versions/2.5.1/lib/ruby/gems/2.5.0 directory.

So, I'm asking, if I have to use "su" (which won't work too, because of missing path) or tell gem to make use of --user-install ... but

gem install --user-install bundler
WARNING:  You don't have /home/mastodon/.gem/ruby/2.5.0/bin in your PATH,
	  gem executables will not run.
rbenv: cannot rehash: /usr/lib/rbenv/shims isn't writable
Successfully installed bundler-1.16.3
Parsing documentation for bundler-1.16.3
Done installing documentation for bundler after 2 seconds
1 gem installed

so, bundler works in the end, but fails with installing the dependencies, because of missing path ...

I think, to mix Ruby install on /usr/lib/* and doing "things" as user "mastodon" won't work in this way :-)

I played a bit more and added the PATH "/home/mastodon/.gem/ruby/2.5.0/bin" to the $PATH ... just for fun and a bit later:

Installing cld3 3.2.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /home/mastodon/live/vendor/bundle/ruby/2.5.0/gems/cld3-3.2.2/ext/cld3
/usr/lib/rbenv/versions/2.5.1/bin/ruby -r ./siteconf20180819-2252-1u06vfn.rb extconf.rb
Failed to locate protobuf

cu denny

DNS01 challenge

Hi,
I was experimenting with the Mastodon playbook and came across the letsencrypt section where the HTTP01 challenge is performed. I was wondering if there is any limitation for a DNS01 challenge implementation in this playbook? The reason why I am asking is the following requirement of HTTP01:

The HTTP-01 challenge can only be done on port 80. Allowing clients to specify arbitrary ports would make the challenge less secure, and so it is not allowed by the ACME standard

I am willing to contribute, if that's something you would be interested in.

Adding full support for production mode

Hello,

After browsing the installation documentation, the playbook and related tasks in the different roles, it lacks bits so that it is really ready-to-go.

Can I send a PR?
