Common operations on X-as-a-Service » History » Version 10

Timothée Floure, 03/20/2020 03:27 PM
Minimal matterbridge doc

h1. Common operations on X-as-a-Service

h2. Matrix-as-a-Service

h3. Contact customer for setup information

Do not forget to replace @$CUSTOMER@!

<pre>
Hello $CUSTOMER,

I will deploy your Matrix homeserver and need a few configuration details from
you. I do not know how familiar you are with Matrix or technical terms:
do not hesitate to tell me if I go too fast or too slow for you.

First of all, each Matrix homeserver is linked to a domain name (your users will look
like `@username:domain.tld`) for federation. I can offer you two options here,
but remember that the chosen domain name cannot be changed afterward:

  * Your own domain (e.g. domain.tld).
  * One domain controlled by ungleich (e.g. $CUSTOMER.0co2.cloud,
    $CUSTOMER.ungleich.cloud).

Secondly, I will deploy a Riot web Matrix client for convenience (you can use
the desktop or smartphone clients as well) and need a domain for that as well:

  * Your own domain (e.g. matrix.domain.tld)
  * One domain controlled by ungleich (e.g. matrix.$CUSTOMER.0co2.cloud).

Lastly, I will configure the Matrix homeserver for you. You can ask us to set
any configuration option but we at least need to know your preferences in terms
of registration:
  * Should it be backed by an existing user directory (LDAP)?
  * Should registrations be filtered by domain of email address? (e.g. anyone
    with a @domain.tld email address can register).
  * Should anyone be allowed to register?

Feel free to ask me any Matrix-related question, as I am a heavy Matrix user
myself.

Best Regards,

-- 
</pre>

h3. Deploy new MaaS instance

WIP -> ask @fnux for now.

* Contact customer to get configuration details (this might take some time => do it first).
* Allocate VM in OpenNebula, based on Debian 10 (IPv6Only).
* Attach HDD storage to created VM (Help: [[Common operations at DCLIPv6OnlyHosting]]).
  - Create EXT4 filesystem: @mkfs.ext4 $DEVICE@
  - Add FSTAB entry for /var on $DEVICE.
    - Get UUID with @blkid@.
    - Should look like: @UUID=$MY_UUID       /var    ext4    errors=remount-ro       1       2@
    - Mount data disk on /mnt.
    - Move content of /var to /mnt.
    - Unmount data disk from /mnt.
    - Mount data disk to /var with @mount -a@ (uses configuration in /etc/fstab).
    - *Reboot* and make sure that /var is properly mounted.
* Make sure VM is up-to-date (base image might be old).
  - @apt update@
  - @apt upgrade@

* Once you get details from customer, configure DNS entries:
  - Main homeserver address: @$CUSTOMER.matrix.ungleich.cloud@
    - @files/dns/matrix.ungleich.cloud@ in dot-cdist.
  - Whatever is needed for Riot-web.
  - Do not forget to configure the IPv4-to-IPv6 proxy! See [[Common operations on IPv4-to-IPv6-Proxy]].

* Add server to matrix-as-a-service manifest in dot-cdist. Deploy.
  - You can find the detailed parameters of synapse and riot in the @__matrix_synapse@ and @__matrix_riot@ types.
* Create initial admin user:
  - Register new user, either via riot (standard user to be promoted afterwards) or @/usr/bin/register_new_matrix_user@ on server.
    - Any user can be promoted by a simple SQL query:
      + On server, open postgresql shell: @sudo -u postgres psql matrix-synapse@
      + List users: @SELECT * FROM users;@
      + Make user admin: @UPDATE users SET admin = 1 WHERE name = '@fnux:matrix-staging.ungleich.ch';@
  - Once the initial admin user is created, you can access the web management UI: https://admin.matrix.ungleich.cloud/ (use server FQDN as homeserver).
* Configure federation:
  - Federation defaults to port 8448 and the Matrix server name. We have to redirect it to $CUSTOMER.matrix.ungleich.cloud on port 443.
  - Delegation works with a well-known URL served on the Matrix server name: @/.well-known/matrix/server@ returning @{"m.server": "$CUSTOMER.matrix.ungleich.cloud:443"}@.
  - While we are at it, also configure homeserver discovery for clients: @/.well-known/matrix/client@ returning @{ "m.homeserver": { "base_url": "https://ungleich.matrix.ungleich.cloud" } }@.
  - For a custom domain, either the customer does it themselves or redirects the domain to the Matrix server. There are examples in the matrix-as-a-service manifest.
  - *Check that everything looks good with the Federation tester:* https://federationtester.matrix.org/
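
A check for the two delegation documents described above, which can be run on the response bodies before using the Federation tester. This is an added example, not part of the original wiki page or of ungleich's tooling; the customer name @example@, the function names and the sample bodies are constructed, and a missing port is treated as 8448 without modelling SRV lookup.

```python
import json
from urllib.parse import urlsplit

DEFAULT_FEDERATION_PORT = 8448  # assumed when m.server has no port (SRV lookup not modelled)
BAD_DOC = (ValueError, KeyError, TypeError, AttributeError)


def parse_m_server(body):
    """Return (host, port) from a /.well-known/matrix/server response body."""
    value = json.loads(body)["m.server"]
    if not isinstance(value, str) or not value:
        raise ValueError("m.server must be a non-empty string")
    parts = urlsplit("//" + value)  # handles hostnames and bracketed IPv6 literals
    if parts.hostname is None or parts.path or parts.query or "@" in parts.netloc:
        raise ValueError(f"m.server is not a plain host[:port]: {value!r}")
    return parts.hostname, parts.port or DEFAULT_FEDERATION_PORT


def check_delegation(server_body, client_body, expected_host):
    """Return a list of problems; an empty list means both documents match."""
    problems, expected = [], expected_host.lower()
    try:
        host, port = parse_m_server(server_body)
        if host != expected:
            problems.append(f"m.server host is {host}, expected {expected}")
        if port != 443:
            problems.append(f"m.server port is {port}, expected 443")
    except BAD_DOC as exc:
        problems.append(f"server document invalid: {exc!r}")
    try:
        base = urlsplit(json.loads(client_body)["m.homeserver"]["base_url"])
        if base.scheme != "https":
            problems.append(f"base_url scheme is {base.scheme!r}, expected https")
        if base.hostname != expected:
            problems.append(f"base_url host is {base.hostname}, expected {expected}")
    except BAD_DOC as exc:
        problems.append(f"client document invalid: {exc!r}")
    return problems


# Constructed sample responses for a hypothetical customer named "example".
EXPECTED = "example.matrix.ungleich.cloud"
GOOD_SERVER = '{"m.server": "example.matrix.ungleich.cloud:443"}'
GOOD_CLIENT = '{"m.homeserver": {"base_url": "https://example.matrix.ungleich.cloud"}}'
NO_PORT_SERVER = '{"m.server": "example.matrix.ungleich.cloud"}'

if __name__ == "__main__":
    print(check_delegation(GOOD_SERVER, GOOD_CLIENT, EXPECTED))     # no problems
    print(check_delegation(NO_PORT_SERVER, GOOD_CLIENT, EXPECTED))  # port mismatch
```
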

h3. Upgrade a running MaaS instance

*Always work and test on the staging instance first!*

* @ssh root@staging.matrix.ungleich.cloud@
* https://matrix-staging.ungleich.cloud

Unattended upgrades automatically apply security upgrades to the VM: you only have to update synapse (the Matrix homeserver) from time to time. It usually boils down to a simple @apt update; apt upgrade@.

*Note*: the matrix-synapse package comes from the "debian (buster) backports repository":https://packages.debian.org/buster-backports/matrix-synapse. APT can be told/forced to use it with the @-t buster-backports@ flag.

h3. Deploy Matterbridge application service

You can directly use the @__matterbridge@ type:
* See deployment on ungleich.matrix.ungleich.cloud for inspiration (matrix-as-a-service dot-cdist manifest).
* Matterbridge doc: https://github.com/42wim/matterbridge/wiki