Revision 11 (Timothée Floure, 03/20/2020 03:28 PM) → Revision 12/13 (Timothée Floure, 03/20/2020 03:31 PM)

h1. Common operations on X-as-a-Service 

 h2. Matrix-as-a-Service 

 Ask @fnux for help if needed. 

 h3. Contact customer for setup information 

 Do not forget to replace @$CUSTOMER@! 

 <pre> 
 Hello $CUSTOMER, 

 I will deploy your Matrix homeserver and need a few configuration details from 
 you. I do not know how familiar you are with Matrix or technical terms: 
 do not hesitate to tell me if I go too fast or too slow for you. 

 First of all, each Matrix homeserver is linked to a domain name (your users will look 
 like `@username:domain.tld`) for federation. I can offer you two options here, 
 but remember that the chosen domain name cannot be changed afterward: 

   * Your own domain (e.g. domain.tld). 
   * One domain controlled by ungleich (e.g. $CUSTOMER.0co2.cloud, 
     $CUSTOMER.ungleich.cloud). 

 Secondly, I will deploy a Riot web matrix client for convenience (you can use 
 the desktop or smartphone clients as well) and need a domain for that as well: 

   * Your own domain (e.g. matrix.domain.tld) 
   * One domain controlled by ungleich (e.g. matrix.$CUSTOMER.0co2.cloud). 

 Lastly, I will configure the Matrix homeserver for you. You can ask us to set 
 any configuration option but we at least need to know your preferences in terms 
 of registration: 
   * Should it be backed by an existing user directory (LDAP)? 
   * Should registrations be filtered by domain of email address? (e.g. anyone 
     with a @domain.tld email address can register). 
   * Should anyone be allowed to register? 

 Feel free to ask me any matrix-related question, as I am a heavy matrix user 
 myself. 

 Best Regards, 

 --  
 </pre> 

 h3. Deploy new MaaS instance 

 *Note:* synapse and riot extra parameters are documented in the @__matrix_synapse@ and @__matrix_riot@ types. WIP -> ask @fnux for now. 

 * Contact customer to get configuration details (this might take some time => do it first). 
 * Allocate VM in OpenNebula, based on Debian 10 (IPv6Only). 
 * Attach HDD storage to created VM (Help: [[Common operations at DCLIPv6OnlyHosting]]). 
   - Create EXT4 filesystem: @mkfs.ext4 $DEVICE@ 
   - Add FSTAB entry for /var on $DEVICE. 
     - Get UUID with @blkid@. 
     - Should look like: @UUID=$MY_UUID         /var      ext4      errors=remount-ro         1         2@ 
     - Mount data disk on /mnt. 
     - Move content of /var to /mnt. 
     - Unmount data disk from /mnt. 
     - Mount data disk to /var with @mount -a@ (uses configuration in /etc/fstab). 
     - *Reboot* and make sure that /var is properly mounted. 
 * Make sure VM is up-to-date (base image might be old). 
   - @apt update@ 
   - @apt upgrade@ 

 * Once you get details from customer, configure DNS entries: 
   - Main homeserver address: @$CUSTOMER.matrix.ungleich.cloud@ 
     - @files/dns/matrix.ungleich.cloud@ in dot-cdist. 
   - Whatever is needed for Riot-web. 
   - Do not forget to configure the IPv4-to-IPv6 proxy! See [[Common operations on IPv4-to-IPv6-Proxy]]. 

 * Add server to matrix-as-a-service manifest in dot-cdist. Deploy. 
   - You can find the detailed parameters of synapse and riot in the @__matrix_synapse@ and @__matrix_riot@ types. 
 * Create initial admin user: 
   - Register new user, either via riot (standard user to be promoted afterwards) or @/usr/bin/register_new_matrix_user@ on server. 
     - Any user can be promoted by a simple SQL query: 
       + On server, open postgresql shell: @sudo -u postgres psql matrix-synapse@ 
       + List users: @SELECT * FROM users;@ 
       + Make user admin: @UPDATE users SET admin = 1 WHERE name = '@fnux:matrix-staging.ungleich.ch';@ 
   - Once the initial admin user is created, you can access the web management UI: https://admin.matrix.ungleich.cloud/ (use server FQDN as homeserver). 
 * Configure federation: 
   - Federation defaults to port 8448 and matrix server name. We have to redirect it to $CUSTOMER.matrix.ungleich.cloud on port 443. 
   - Delegation works with a well-known URL served on matrix server name: @/.well-known/matrix/server@ returning @{"m.server": "$CUSTOMER.matrix.ungleich.cloud:443"}@. 
   - While we are at it, also configure homeserver discovery for clients: @/.well-known/matrix/client@ returning @{ "m.homeserver": { "base_url": "https://ungleich.matrix.ungleich.cloud" } }@. 
   - For a custom domain, either the client does it by themselves or redirects the domain to the matrix server. There are examples in the matrix-as-a-service manifest. 
   - *Check that everything looks good with the Federation tester:* https://federationtester.matrix.org/ 
 * Optional: customize hoster riot welcome page (@--homepage@ riot extra parameter) 
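
 The two well-known documents from the "Configure federation" step can be checked offline before running the Federation tester. The following is an added example, not part of the ungleich tooling or the dot-cdist manifest: it validates the response bodies against the expected homeserver FQDN. The customer name @acme@, the sample bodies and the function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

def _load(body):
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    return doc if isinstance(doc, dict) else None

def check_server(body, expected_host, expected_port=443):
    """Problems in a /.well-known/matrix/server response body."""
    doc = _load(body)
    target = doc.get("m.server") if doc else None
    if not isinstance(target, str):
        return ['no "m.server" string in body']
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        # Without an explicit port, remote servers fall back to SRV lookup or 8448.
        return ["m.server has no explicit port"]
    problems = []
    if host.lower() != expected_host:
        problems.append("m.server points at " + host)
    if int(port) != expected_port:
        problems.append("m.server uses port " + port)
    return problems

def check_client(body, expected_host):
    """Problems in a /.well-known/matrix/client response body."""
    doc = _load(body)
    hs = doc.get("m.homeserver") if doc else None
    base_url = hs.get("base_url") if isinstance(hs, dict) else None
    if not isinstance(base_url, str):
        return ['no "m.homeserver.base_url" string in body']
    url = urlsplit(base_url)
    problems = []
    if url.scheme != "https":
        problems.append("base_url is not https")
    if (url.hostname or "") != expected_host:
        problems.append("base_url points at " + str(url.hostname))
    return problems

# Constructed sample bodies for a hypothetical customer "acme".
HOST = "acme.matrix.ungleich.cloud"
GOOD_SERVER = '{"m.server": "acme.matrix.ungleich.cloud:443"}'
NO_PORT = '{"m.server": "acme.matrix.ungleich.cloud"}'
STALE_CLIENT = '{"m.homeserver": {"base_url": "http://ungleich.matrix.ungleich.cloud"}}'
if __name__ == "__main__":
    print(check_server(NO_PORT, HOST), check_client(STALE_CLIENT, HOST))
```

 An empty list means the body matches the expected delegation; @STALE_CLIENT@ shows a discovery document copied from another instance without replacing the hostname.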

 h3. Upgrade a running MaaS instance 

 *Always read "synapse changelog":https://github.com/matrix-org/synapse/releases first!* 
 *Always work and test on the staging instance first!* 

 * @ssh root@staging.matrix.ungleich.cloud@ 
 * https://matrix-staging.ungleich.cloud 

 Unattended upgrades automatically apply security upgrades to the VM: you only have to update synapse (the matrix homeserver) from time to time. It usually boils down to a simple @apt update; apt upgrade@. 

 *Note*: the matrix-synapse package comes from the "debian (buster) backports repository":https://packages.debian.org/buster-backports/matrix-synapse. APT can be told/forced to use it with the @-t buster-backports@ flag. 

 h3. Deploy Matterbridge application service 

 You can directly use the @__matterbridge@ type: 
 * See deployment on ungleich.matrix.ungleich.cloud for inspiration (matrix-as-a-service dot-cdist manifest) 
 * Matterbridge doc: https://github.com/42wim/matterbridge/wiki