Tag: fediverse

Running Mastodon on OpenShift

31 December 2022

Tags : openshift, social, fediverse, mastodon

Join the Fediverse with OpenShift

Who knew that fediverse was a portmanteau of "federation" and "universe" ? an ensemble of interconnected servers that are used for microblogging. If you are itching to try out your own Mastodon instance on OpenShift i have just the helm template for you.

It should be as simple as logging into OpenShift and running helm, where CLUSTER_DOMAIN is your cluster apps domain name.

helm upgrade --install my-fediverse . \
  --create-namespace --namespace mastodon \
  --set mastodon.local_domain=mastodon.<CLUSTER DOMAIN>

This will get you a basic server installed, using the lastest Mastodon image. You should change the values.yaml to adjust the default passwords and secrets prior to deploying anything other than a play-around instance - see the README.md for how to use rake to generate new secrets. Once deployed, you should see these pods running in your mastodon namespace.

A note on S3

Mastodon can store its microblogging images in S3. The helm chart uses a minio instance running in OpenShift. In the default configuration, we want the s3 links to be publicly available via anonymous read-only access with the link, but not listable. For now we use the aws cli client to upload this policy manually post-install.

oc -n mastodon port-forward svc/my-fediverse-minio 9000:9000
cat << 'EOF' > /tmp/mastodon-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Resource": [
        "arn:aws:s3:::mastodon/*"
      ],
      "Sid": ""
    }
  ]
}
EOF

export AWS_PROFILE=minio
aws --endpoint-url http://localhost:9000 s3api put-bucket-policy --bucket mastodon --policy file:///tmp/mastodon-policy.json

Logging In, Adding users

By default users can self register to your mastodon instance. The user on boarding workflow uses email, so you can deploy using SMTP services. For example a popular service like mailgun with your credentials would look something like this:

helm upgrade --install my-fediverse . \
  --set mastodon.smtp_server=smtp.mailgun.org \
  --set mastodon.smtp_login=postmaster@example.com \
  --set mastodon.smtp_password=123456 \
  --set mastodon.smtp_from_address=mastodon@example.com. \
  --create-namespace --namespace mastodon

If you do not want to set up SMTP just yet, we can also use a manual method. Browse to your mastodon front page and select Create Account.

This will let you sign up. We can rsh into the mastodon pod to manually approve the user. I signed up as eformat and also gave myself the Admin role.

oc rsh $(oc get pods -l app.kubernetes.io/name=mastodon-streaming-mastodon -o name)

RAILS_ENV=production bin/tootctl accounts modify eformat --confirm
RAILS_ENV=production bin/tootctl accounts modify eformat --role Admin

You should see OK printed out when running these commands. Now log back in to mastodon and you should be able to right-click Preferences to administer the server.

I updated the server thumbnail which is stored in your minio s3.

🏅That’s it !! you can find all of the docs and configuration guides online for mastodon.

Commentaires

Mike Hepburn

This is really working out great.

Tags

  1. openshift (10)
  2. gitops (4)
  3. java (3)
  4. quarkus (3)
  5. acm (2)
  6. aiml (2)
  7. argocd (2)
  8. gpu (2)
  9. stable diffusion (2)
  10. analytics (1)
  11. api (1)
  12. apollo (1)
  13. aws (1)
  14. bgp (1)
  15. bird (1)
  16. constraints (1)
  17. cost (1)
  18. devops (1)
  19. disconnected (1)
  20. fediverse (1)
  21. fedora (1)
  22. flink (1)
  23. frr (1)
  24. graphql (1)
  25. load balancing (1)
  26. mastodon (1)
  27. metallb (1)
  28. networking (1)
  29. optaplanner (1)
  30. patterns (1)
  31. platform (1)
  32. platform as product (1)
  33. plausible (1)
  34. policy (1)
  35. pulsar (1)
  36. registries (1)
  37. security (1)
  38. service discovery (1)
  39. sno (1)
  40. social (1)
  41. stork (1)
  42. streaming (1)
  43. teams (1)
  44. vault (1)
  45. vlans openshift (1)
  46. web (1)