Open-source software name: jamesprior/mastodon_docker_swarm
Open-source software URL: https://github.com/jamesprior/mastodon_docker_swarm
Open-source programming language: HCL 58.2%
Open-source software introduction:

About

A set of terraform scripts and shell scripts used by kcmo.social to create a docker swarm running mastodon. It supports one production environment and one staging environment as a subdomain. Currently it is fixed on three manager nodes and requires setting up a custom image in digital ocean. If you're thinking of using this to start your own instance you should have some basic familiarity with or desire to learn:
This is designed to be an easily scalable setup; it is not designed to be a wholly fault tolerant automatic scaling setup. Postgres, Redis, and Traefik all run single instances on a labeled node to avoid having to share data between nodes. If one of those droplets goes down you'll still need to restore the data (but there are backups!). If you want to move those services you must move those volumes too.

Droplet creation and swarm management is done with the terraform module from https://github.com/thojkooi/terraform-digitalocean-docker-swarm-mode

Set up the prerequisites

Fork this repo so you can make changes for your environment. The host computer will need a copy of
Update
You should now be able to run
Copy the sample secrets file into each staging and production environment.
Keep in mind that these are 'secret' as in they won't be checked into source control, but they may be visible in the terraform state files.
Edit
Here's a list of things you'll need to create once or configure outside of terraform before setting in a

Droplet Images

This uses a private image provisioned with the
To build your own, start up the smallest droplet available and run the setup script on the server. After everything has installed power down the server with
Find the image ID corresponding to your new image and set it in the

Administration and Monitoring

Once the terraform has run successfully it will output the first manager node, for example manager-01.nyc1.kcmo.social. It will leave a few files in the mastodon user's home account for administering the mastodon stack. It also runs Portainer for container monitoring and management and Traefik for SSL termination directing traffic to services in the cluster. They both have management interfaces available via SSH tunnels.

Start an SSH tunnel to a node with:
Then visit http://localhost:9000/#/home for docker swarm management with Portainer. Visit http://localhost:8080 for external HTTP traffic monitoring with Traefik.

To run rake commands ssh to manager-01 and invoke the command with:
For example, to make alice an admin (See https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Administration-guide.md for more info)
You can also use the portainer interface to open a console on one of the containers running mastodon image and run the same rails commands.

Service placement

Postgres, Redis, and Traefik depend on state stored in docker volumes which are unique per-node, which means that they should always be started on the same nodes. If they need to be moved, it requires admin intervention to move the docker volume to a new host, or to restore from a backup. The web, streaming, and sidekiq services are more portable and can run on any node.

Because of that, Postgres, Redis, and Traefik will only run on nodes with labels matching the service name set to true, e.g. postgres will only run on a node with
The more portable workers will run on any available node. If you want to prevent them from running on a node you must add a label to the node with the service name set to false. For example,

Security

This terraform will store sensitive information in the tfstate. You should not check this into source control. If you do choose to store it, make sure that it is in a secure location. If you are storing it in S3 that means the bucket IS NOT PUBLIC, ideally encrypted at rest with access logs. See https://tosbourn.com/hiding-secrets-terraform/ for more information.

Access to the droplets is controlled by SSH keys and inbound SSH IP address filters. Only the mastodon web services are exposed externally. Portainer is a powerful container management interface and it is not pre-configured with a password, but it is only available via ssh tunneling.

First time startup

When starting up a cluster for the first time the scripts have a lot to do. If a step fails, it is safe to re-run
When the terraform apply is complete you will need to set up the database. SSH to a manager and run:

Making changes

If you change the mastodon environment, variables used in the environment, or the mastodon stack just re-run
You can also ssh to a server and do it manually, use portainer, or force a redeploy by tainting the terraform resource with
If you just want to start over with all new machines you can remove them with

Backups

Backups of named docker volumes are scheduled to occur nightly. This includes postgres, redis, traefik, and any user data that was uploaded locally instead of to remote object storage (like Digital Ocean Spaces). Backups are kept for 21 days, full backups every 7 days. Postgres is backed up as a full sql dump. The backup engine is Duplicity, and while it is possible to restore manually it's recommended to use the duplicity tool for restores.

Upgrading

Change the
SSH to the machine running the docker container (manager-01), then find the postgres container id with
Then take a backup, eg:
If the upgrade notes require it run the DB migrations with:
Once the migration is complete you can use terraform to deploy the changes, eg
You can run tootctl cache clear with:
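
Added example, not part of the original repository: the Security section's point that values kept out of source control can still be read from the tfstate can be checked by searching a state file for the values in the secrets file. The sample state, the resource and secret names, and the flat JSON secrets map are constructed for illustration.

```python
import json
import sys

# Constructed sample: a trimmed Terraform state (format version 4). Resource
# names, outputs and values are made up for this example.
SAMPLE_STATE = {
    "version": 4,
    "outputs": {"db_url": {"type": "string",
                "value": "postgres://mastodon:example-db-pass@postgres/mastodon"}},
    "resources": [{
        "mode": "managed", "type": "null_resource", "name": "mastodon_env",
        "instances": [{"attributes": {"id": "42", "triggers": {
            "env": "SMTP_LOGIN=bot\nSMTP_PASSWORD=example-smtp-pass\n"}}}],
    }],
}
# Constructed secrets, standing in for the values in the untracked secrets file.
SAMPLE_SECRETS = {"db_password": "example-db-pass",
                  "smtp_password": "example-smtp-pass",
                  "do_token": "example-token-never-written"}

def walk(node, path):
    """Yield (path, value) for every string found in nested JSON data."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def find_secrets_in_state(state, secrets, min_len=8):
    """Return sorted (secret_name, location) pairs for secrets present in state."""
    strings = list(walk(state.get("outputs", {}), "outputs"))
    for res in state.get("resources", []):
        addr = f"{res.get('type')}.{res.get('name')}"
        for i, inst in enumerate(res.get("instances", [])):
            strings += walk(inst.get("attributes", {}), f"{addr}[{i}]")
    # Very short values are skipped to avoid matching on coincidental substrings.
    return sorted({(name, path) for path, text in strings
                   for name, value in secrets.items()
                   if isinstance(value, str) and len(value) >= min_len and value in text})

if __name__ == "__main__":
    # Usage (assumed): script.py terraform.tfstate secrets.tfvars.json
    if len(sys.argv) == 3:
        state, secrets = (json.load(open(p)) for p in sys.argv[1:3])
    else:
        state, secrets = SAMPLE_STATE, SAMPLE_SECRETS
    for name, path in find_secrets_in_state(state, secrets):
        print(f"{name} is readable in state at {path}")
```

Any hit means that whoever can read the state file can read that secret, so the state's storage location needs the same access controls as the secrets file itself.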