mastodon: tighten resources, robust exec tasks, and env defaults

- resources: per-service cpus/mem/pids for mastodon/streaming/sidekiq/redis/db - compose: rename service key to "mastodon" (was: web), set service_name blocks - tasks(01_setup): run rails db:migrate via docker exec (non-tty, login shell) - tasks(02_administrator): healthchecks for 'mastodon', sed with absolute path, tootctl as user 'mastodon' (non-tty), optional re-health wait - env.j2: add RAILS_ENV={{ ENVIRONMENT | default('production') }} - resource.yml.j2: fix get_app_conf path (service_name default spacing) - docs: remove outdated Installation/Administration files Context: https://chatgpt.com/share/68d332a0-ae98-800f-b418-c0d0262eaa2e
2025-09-24 11:06:24 +02:00 · 2025-09-24 01:52:18 +02:00
parent 426ba32c11
commit 9bf77e1e35
10 changed files with 51 additions and 96 deletions
--- a/roles/docker-container/templates/resource.yml.j2
+++ b/roles/docker-container/templates/resource.yml.j2
@@ -1,4 +1,4 @@
-cpus:               {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'cpus'            ] |join('.'), False, RESOURCE_CPUS) }}
-mem_reservation:    {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }}
-mem_limit:          {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_limit'       ] |join('.'), False, RESOURCE_MEM_LIMIT) }}
-pids_limit:         {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'pids_limit'      ] |join('.'), False, RESOURCE_PIDS_LIMIT) }}
+cpus:               {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'cpus'            ] |join('.'), False, RESOURCE_CPUS) }}
+mem_reservation:    {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }}
+mem_limit:          {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_limit'       ] |join('.'), False, RESOURCE_MEM_LIMIT) }}
+pids_limit:         {{ applications | get_app_conf( application_id,  [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'pids_limit'      ] |join('.'), False, RESOURCE_PIDS_LIMIT) }}
--- a/roles/web-app-mastodon/Administration.md
+++ b/roles/web-app-mastodon/Administration.md
@@ -1,39 +0,0 @@
-# Administration
-
-## 🗑️ Cleanup (Remove Instance & Volumes)
-```bash
-cd {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon/
-docker-compose down
-docker volume rm mastodon_data mastodon_database mastodon_redis
-cd {{ PATH_DOCKER_COMPOSE_INSTANCES }} &&
-rm -vR {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon
-```
-
-## 🔍 Access Mastodon Terminal
-```bash
-docker-compose exec -it web /bin/bash
-```
-
-## 🛠️ Set File Permissions
-After setting up Mastodon, apply the correct file permissions:
-```bash
-docker-compose exec -it -u root web chown -R 991:991 public
-```
-
-# 📦 Database Management
-
-## 🏗️ Running Database Migrations
-Ensure all required database structures are up to date:
-```bash
-docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate"
-```
-
-# 🚀 Performance Optimization
-
-## 🗑️ Delete Cache & Recompile Assets
-```bash
-docker-compose exec web bundle exec rails assets:precompile
-docker-compose restart
-```
-
-This ensures your Mastodon instance is loading the latest assets after updates.
--- a/roles/web-app-mastodon/Installation.md
+++ b/roles/web-app-mastodon/Installation.md
@@ -1,22 +0,0 @@
-# ⚙️ Configuration & Setup
-
-## 🔧 Create Credentials
-Run the following command to generate a new configuration setup:
-```bash
-    docker pull ghcr.io/mastodon/mastodon:latest
-    # Secret Generation
-    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
-    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
-    # Vapid Key Generation
-    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key
-    # ACTIVE_RECORD_ENCRYPTION Generation
-    docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init
-```
-
-## 🔄 Setup with an Existing Configuration
-```bash
-docker-compose run --rm web bundle exec rails db:migrate
-```
-
-## 🔐 OIDC (OpenID Connect) Authentication Support
-This Mastodon role now **fully supports OpenID Connect (OIDC)**, allowing seamless authentication via identity providers like **Keycloak, Auth0, Google, or other OIDC-compliant services**.
--- a/roles/web-app-mastodon/README.md
+++ b/roles/web-app-mastodon/README.md
@@ -8,12 +8,6 @@ Dive into a decentralized social experience with Mastodon, a vibrant platform th

 This role deploys Mastodon using Docker, streamlining the installation and configuration of a full-featured social networking platform. Mastodon is built to support federation across multiple instances, offering robust content moderation, real-time updates, and flexible API integrations. Its advanced architecture—including separate services for the web frontend, streaming API, and background job processing—ensures high performance and scalability for large communities.

-For detailed configuration and operational instructions, please refer to the following files in this directory:
- [Installation.md](./Installation.md)
- [Administration.md](./Administration.md)
- [Upgrade.md](./Upgrade.md)
- [User_Administration.md](./User_Administration.md)
-
 ## Features

 - **Decentralized Network:** Connect with users across multiple instances in a federated social media ecosystem.
--- a/roles/web-app-mastodon/config/main.yml
+++ b/roles/web-app-mastodon/config/main.yml
@@ -18,18 +18,39 @@ server:
 docker:
  services:
    redis:
-      enabled: true
+      enabled:            true
+      cpus:               "0.3"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
    database: 
-      enabled: true
+      enabled:            true
+      cpus:               "1.0"
+      mem_reservation:    "2g"
+      mem_limit:          "3g"
+      pids_limit:         512
    mastodon: 
-      image:            "ghcr.io/mastodon/mastodon"
-      version:          latest
+      image:              "ghcr.io/mastodon/mastodon"
+      version:            latest
      backup:
        no_stop_required: true
-      name:             "mastodon"
+      name:               "mastodon"
+      cpus:               "1.0"
+      mem_reservation:    "1.5g"
+      mem_limit:          "2g"
+      pids_limit:         512
    streaming: 
-      image:            "ghcr.io/mastodon/mastodon-streaming"
-      version:          latest
-      name:             "mastodon-streaming"
+      image:              "ghcr.io/mastodon/mastodon-streaming"
+      version:            latest
+      name:               "mastodon-streaming"
+      cpus:               "0.3"
+      mem_reservation:    "256m"
+      mem_limit:          "512m"
+      pids_limit:         256
+    sidekiq:
+      cpus:               "0.8"
+      mem_reservation:    "1g"
+      mem_limit:          "1.5g"
+      pids_limit:         512
  volumes:
-    data:               "mastodon_data"
+    data:                 "mastodon_data"
--- a/roles/web-app-mastodon/tasks/01_setup.yml
+++ b/roles/web-app-mastodon/tasks/01_setup.yml
@@ -1,7 +1,6 @@
 - name: "Execute migration for '{{ application_id }}'"
  command:
-    cmd: "docker-compose run --rm web bundle exec rails db:migrate"
-    chdir: "{{ docker_compose.directories.instance }}"  
+    cmd: "docker exec {{ MASTODON_CONTAINER }} bundle exec rails db:migrate"

 - name: "Include administrator routines for '{{ application_id }}'"
  include_tasks: 02_administrator.yml
--- a/roles/web-app-mastodon/tasks/02_administrator.yml
+++ b/roles/web-app-mastodon/tasks/02_administrator.yml
@@ -14,7 +14,7 @@
  delay: 5
  until: healthcheck.stdout == "healthy"
  loop:
-    - web
+    - mastodon
    - streaming
    - sidekiq
  loop_control:
@@ -23,14 +23,12 @@

 - name: Remove line containing "- administrator" from config/settings.yml to allow creating administrator account
  command: 
-    cmd:  "docker compose exec -u root web sed -i '/- administrator/d' config/settings.yml"
-    chdir: "{{ docker_compose.directories.instance }}"
+    cmd:  "docker exec -u root {{ MASTODON_CONTAINER }} sed -i '/- administrator/d' config/settings.yml"
  when: users.administrator.username == "administrator"

 - name: Create admin account via tootctl
  command:
-    cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"'
-    chdir: "{{ docker_compose.directories.instance }}"
+    cmd: 'docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"'
  register: tootctl_create
  changed_when: tootctl_create.rc == 0
  failed_when: >
@@ -41,7 +39,6 @@
    
 - name: Approve the administrator account in Mastodon
  command: 
-    cmd: docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts modify {{users.administrator.username}} --approve"
-    chdir: "{{ docker_compose.directories.instance }}"
+    cmd: docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts modify {{users.administrator.username}} --approve"
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/web-app-mastodon/templates/docker-compose.yml.j2
+++ b/roles/web-app-mastodon/templates/docker-compose.yml.j2
@@ -1,9 +1,10 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}

-  web:
+  mastodon:
+{% set service_name = 'mastodon' %}
 {% set container_port = 3000 %}
 {% set container_healthcheck = 'health' %}
-    container_name: {{ MASTODON_NAME }}
+    container_name: {{ MASTODON_CONTAINER }}
    image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
@@ -16,9 +17,10 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  streaming:
+{% set service_name = 'streaming' %}
 {% set container_port = 4000 %}
 {% set container_healthcheck = 'api/v1/streaming/health' %}
-    container_name: {{ MASTODON_STREAMING_NAME }}
+    container_name: {{ MASTODON_STREAMING_CONTAINER }}
    image: "{{ MASTODON_STREAMING_IMAGE }}:{{ MASTODON_STREAMING_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: node ./streaming
@@ -29,7 +31,8 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  sidekiq:
-    container_name: {{ MASTODON_SIDEKIQ_NAME }}
+{% set service_name = 'sidekiq' %}
+    container_name: {{ MASTODON_SIDEKIQ_CONTAINER }}
    image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: bundle exec sidekiq
--- a/roles/web-app-mastodon/templates/env.j2
+++ b/roles/web-app-mastodon/templates/env.j2
@@ -8,6 +8,8 @@ ALTERNATE_DOMAINS="{{ domains['web-app-mastodon'][1:] | join(',') }}"
 SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode') }}
 ALLOWED_PRIVATE_ADDRESSES="{{ MASTODON_ALLOWED_PRIVATE_ADDRESSES }}"

+RAILS_ENV={{ ENVIRONMENT }}
+
 # Debug
 {% if MODE_DEBUG | bool %}
 RAILS_LOG_LEVEL=debug
--- a/roles/web-app-mastodon/vars/main.yml
+++ b/roles/web-app-mastodon/vars/main.yml
@@ -5,10 +5,10 @@ database_type:                        "postgres"
 # Mastodon Specific
 MASTODON_VERSION:                     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}"
 MASTODON_IMAGE:                       "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}"
-MASTODON_NAME:                        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}"
+MASTODON_CONTAINER:                   "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}"
 MASTODON_VOLUME:                      "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 MASTODON_STREAMING_VERSION:           "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}"
 MASTODON_STREAMING_IMAGE:             "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}"
-MASTODON_STREAMING_NAME:              "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}"
-MASTODON_SIDEKIQ_NAME:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq"
+MASTODON_STREAMING_CONTAINER:         "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}"
+MASTODON_SIDEKIQ_CONTAINER:           "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq"
 MASTODON_ALLOWED_PRIVATE_ADDRESSES:   "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}"