Bare playbooks needed a few modifications to run properly about mastodon-ansible HOT 8 CLOSED

I think we need to implement Letsencrypt mechanism into our testing somehow as we can't test it properly

@moritzheiber Let's Encrypt provides a mini server for ACME cert testing for CI tests called Peeble written in Go, what's the best way we could implement it in testing? Docker container is also available. We'd just have to modify the letsencrypt part of the playbook to execute a command similar to certbot certonly --standalone -d mastodon.local --no-verify-ssl --server https://localhost:14000/dir, but I'm not sure what's the best way to go about it

https://github.com/letsencrypt/pebble

from mastodon-ansible.

Did some of this stuff, the playbook went through without errors, but mastodon did not actually come up at the end. I'm bailing out.
EDIT I mean the TASK [web : Check if Mastodon instance is up and running] failed at the end, obviously.

from mastodon-ansible.

Had to also install an additional package to run it on Ubuntu 22.04. Added libjemalloc-dev to packages in bare/vars/debian_vars.yml.

Also, the check at the end also failed for me, even though the instance was up. Unsure why.

from mastodon-ansible.

I adopted a handful of the tweaks listed here and got the LetsEncrypt stuff working.

from mastodon-ansible.

Rather than start a new (somewhat duplicate?) issue, I thought I'd add my own experience getting the bare playbook to run.

I opted to use a self-signed certificate and not bother with proper password vaulting, since I'm bringing up Mastodon in a fairly isolated Vagrant environment (I'm not using this repo's supplied Vagrantfile as I'm adding Mastodon to a machine I defined myself). While this may be a bit unusual, I think it's still a supported configuration.

The extra steps I needed to take were:

1. I needed to add the local_domain variable to common.yml.
2. On a basic install of Debian 11, I also needed the gpg package to be installed.

One thing that I think might also be worth documenting, as it took a bit of debugging to get through, is that the created instance will only respond on local_domain (I think that's the specific variable? ICBW.); localhost ends up 403'ing. It's probably documented somewhere else, but wasn't particularly obvious to me.

Thanks!

from mastodon-ansible.

Rather than start a new (somewhat duplicate?) issue, I thought I'd add my own experience getting the bare playbook to run.

I opted to use a self-signed certificate and not bother with proper password vaulting, since I'm bringing up Mastodon in a fairly isolated Vagrant environment (I'm not using this repo's supplied Vagrantfile as I'm adding Mastodon to a machine I defined myself). While this may be a bit unusual, I think it's still a supported configuration.

The extra steps I needed to take were:

1. I needed to add the `local_domain` variable to `common.yml`.

2. On a basic install of Debian 11, I also needed the `gpg` package to be installed.

One thing that I think might also be worth documenting, as it took a bit of debugging to get through, is that the created instance will only respond on local_domain (I think that's the specific variable? ICBW.); localhost ends up 403'ing. It's probably documented somewhere else, but wasn't particularly obvious to me.

Thanks!

Mastodon uses virtual hosts, so it will only respond to local_domain set variable in env.production of the Mastodon Installation. This is a Mastodon behavior and not an issue with the Playbook.

The local_domain variable is already pre-populated in the secrets template as per documentation.

Please see https://github.com/mastodon/mastodon-ansible/blob/main/Vagrantfile#L24 for reference as you use your own Vagrantfile and not the one supplied in the repo.

from mastodon-ansible.

The local_domain variable is already pre-populated in the secrets template as per documentation.

The same documentation says:

If you prefer not to use Ansible Vault, you can run the playbook as following:

$ ansible-playbook bare/playbook.yml -i <your-host-here>, -u <remote-user> --ask-become-pass -e > 'ansible_python_interpreter=/usr/bin/python3' --extra-vars="mastodon_db_password=your-password redis_pass=your-password mastodon_host=example.com"

I'll raise a PR to make the extra-vars here match the extra-vars in the secrets file (including settings local_domain).

As for the 403, my particular use case was port-forwarding the mastodon port to another machine (something with a web browser installed), so additional entries in /etc/hosts on the VM weren't going to do much, but in retrospect I think I should have just used nginx with nginx_catch_all. Oh well.

from mastodon-ansible.

Suggestion for docs change in #63 .

from mastodon-ansible.