
lemmy-ansible's Introduction

Lemmy-Ansible

This provides an easy way to install Lemmy on any server. It automatically sets up an nginx server, letsencrypt certificates, docker containers, pict-rs, and email smtp.

Requirements

To run this ansible playbook, you need to:

  • Have a Debian/AlmaLinux 9-based server / VPS where lemmy will run.
  • Supported CPU architectures are x86-64 and ARM64.
  • Configure a DNS A Record to point at your server's IP address.
  • Make sure you can ssh to it, with a sudo user: ssh <your-user>@<your-domain>
  • Install Ansible (>= 2.11.0) on your local machine (do not install it on your destination server).

Supported Distribution Playbook Matrix

These are the distributions we currently support. Anything not listed here is currently not supported.
If you wish to see another distribution on the list, please test on the latest commit in main and report your findings via an Issue.

Distribution   Version     Playbook
Debian         10          lemmy.yml
Debian         11          lemmy.yml
Debian         12          lemmy.yml
Ubuntu         22.04 LTS   lemmy.yml
RHEL           9           lemmy-almalinux.yml

Install

  1. Clone this repo & checkout latest tag

    git clone https://github.com/LemmyNet/lemmy-ansible.git
    cd lemmy-ansible
    git checkout $(git describe --tags)
    
  2. Make a directory to hold your config:

    mkdir -p inventory/host_vars/<your-domain>

  3. Copy the sample configuration file:

    cp examples/config.hjson inventory/host_vars/<your-domain>/config.hjson

    Edit that file and change the config to your liking. Note: Do not edit anything inside the {{ }} braces.

    Here are all the config options.

  4. Copy the sample inventory hosts file:

    cp examples/hosts inventory/hosts

    Edit the inventory hosts file (inventory/hosts) to your liking.

  5. Copy the sample postgresql.conf

    cp examples/customPostgresql.conf inventory/host_vars/<your-domain>/customPostgresql.conf

    You can use the PGTune tool to tune your postgres to meet your server memory and CPU.

  6. Copy the sample vars.yml file

    cp examples/vars.yml inventory/host_vars/<your-domain>/vars.yml

    Edit the inventory/host_vars/<your-domain>/vars.yml file to your liking.

  7. Run the playbook:

    Note: See the "Supported Distribution Playbook Matrix" section above to see whether you should use lemmy.yml or not.

    ansible-playbook -i inventory/hosts lemmy.yml

    Note: if you are not the root user or don't have password-less sudo, use this command:

    ansible-playbook -i inventory/hosts lemmy.yml --become --ask-become-pass

    Note: if you haven't set up ssh keys [1], and ssh using a password, use the command:

    ansible-playbook -i inventory/hosts lemmy.yml --become --ask-pass --ask-become-pass

    Full ansible command-line docs

    If the command above fails, you may need to comment out this line in the ansible.cfg file:

    interpreter_python=/usr/bin/python3

Upgrading

Since version 1.1.0 we no longer default to using main but use tags to make sure deployments are versioned. With every new release all migration steps shall be written below so make sure you check out the Lemmy Releases Changelog to see if there are any config changes with the releases since your last read.

Upgrading to 1.4.0 (Lemmy 0.19.3 & Pict-rs 0.5.4)

This is a semi-major release which upgrades pict-rs to 0.5 which has support for postgres as a backend. This configuration is not supported by lemmy-ansible for the moment.

Steps

  • git pull && git checkout 1.4.0
  • Read Pictrs' Configuration Changes
  • Amend your vars.yml file to respect the new changes
    • Optional: Add: PICTRS__UPGRADE__CONCURRENCY with a value between 32 and 512 depending on how much RAM/CPU you want to dedicate to the upgrade process. A value of 32 used about 2.5GB of RAM for the migration.
    • Optional: Curl /internal/prepare_upgrade to minimise downtime while upgrading. See the instructions below or the official documentation here
  • Run your regular deployment. Example: ansible-playbook -i inventory/hosts lemmy.yml --become

Upgrading to 1.3.1 (Lemmy 0.19.1)

This is a very minor release but fixes issues relating to federation as part of the Lemmy update.

Steps

  • git pull && git checkout 1.3.1
  • Run your regular deployment. Example: ansible-playbook -i inventory/hosts lemmy.yml --become

Upgrading to 1.3.0 (Lemmy 0.19.0 & Pict-rs 0.4.7)

This is a major change and has required reading! tl;dr

  • Lemmy has been upgraded to 0.19.0
  • pict-rs has been upgraded to 0.4.7
    • pict-rs has not been integrated with postgres yet
  • "Optional Modules" are now available to be added to your lemmy install as provided by the community.
    • The first being pictrs-safety

Steps

  • Prepare to have downtime as the database needs to perform migrations!
  • Run git pull && git checkout 1.3.0
  • Run your regular deployment. Example: ansible-playbook -i inventory/hosts lemmy.yml --become
  • Lemmy will now be down! In testing this takes from 20 to 60 minutes.
    • If you are bored you can ssh into your server, and check the logs on postgres for updates
    • docker compose logs -f postgres while ssh'd and in your Lemmy directory

Update your pict-rs sled-database (Optional)

If you are happy for pict-rs to be down for a while go straight to our 1.3.1 git tag which updates pictrs to 0.5.0. Otherwise keep reading. Starting with 0.5.0 your database will automatically upgrade to the latest version, which will cause downtime for your users. As such there is an intermediary step where you can upgrade your database in the background to prepare for 0.5 (reference documentation: https://git.asonix.dog/asonix/pict-rs/releases#user-content-upgrade-preparation-endpoint). This ensures no one is caught out by unforeseen downtime of multiple services.

Once you have deployed lemmy-ansible 1.3.0 tag, please continue (if you want):

  • Take note of what your pict-rs API Key is under vars.yml
  • Take note of what your docker network name is. (It's normally the domain without any extra characters)
    • You should be able to find it via: docker network ls | grep _default if in doubt.
  • Run the following command replacing api-key with the pict-rs api key, & yourdomain with the network name.
  • docker run --network yourdomain_default --rm curlimages/curl:8.5.0 --silent -XPOST -H'X-Api-Token: api-key' 'http://pictrs:8080/internal/prepare_upgrade'
  • This will start the background process updating your database from 0.4 to 0.5 compatible.

This is only Optional, and takes a shorter amount of time than the Lemmy database upgrade, but on huge installations it may take a lot longer.

Optional Module(s)

Our first optional module is pictrs-safety. See the repo linked for more information, especially for integration with pictrs (which is what it is for). Thanks to @db0 for their contribution.
See the pictrs_safety_env_vars under examples/vars.yml for relevant options (and the two password variables)
To enable this module to be used you must ADD pictrs_safety: true to your vars.yml.

Upgrading to 1.2.1 (Lemmy 0.18.5)

This is a minor change which fixes the issue with the Postgres container not using the customPostgres.conf file.

Steps

  • Please regenerate your customPostgres.conf from examples/customPostgres.conf
  • OR
  • Add the following block to your current customPostgres file.
    # Listen beyond localhost
    listen_addresses = '*'

Upgrading to 1.2.0 (Lemmy 0.18.5)

Major changes:

  • All variables are now under a singular file so you will not need to modify anything: inventory/host_vars/{{ domain }}/vars.yml
  • --become is now optional instead of forced on

Steps

  • Run git pull && git checkout 1.2.0
  • When upgrading from older versions of these playbooks, you will need to do the following:
    • Rename inventory/host_vars/{{ domain }}/passwords/postgres file to inventory/host_vars/{{ domain }}/passwords/postgres.psk
    • Copy the examples/vars.yml file to inventory/host_vars/{{ domain }}/vars.yml
    • Edit your variables as desired
  • Run your regular deployment. Example: ansible-playbook -i inventory/hosts lemmy.yml --become

Upgrading to 1.1.0 (Lemmy 0.18.3)

  • No major changes should be required

Migrating your existing install to use this deploy

  • Follow this guide to backup your existing install.
  • Run docker-compose stop to stop lemmy.
  • Move your docker folders on the server to <lemmy_base_dir>/<your-domain>.
  • Copy your postgres password to inventory/host_vars/<your-domain>/passwords/postgres.
  • Follow the install guide above, making sure your config.hjson is the same as your backup.

Uninstall

ansible-playbook -i inventory/hosts uninstall.yml --become

License

Footnotes

  1. To create an ssh key pair with your host environment, you can follow the instructions here, and then copy the key to your host server.


lemmy-ansible's Issues

Can I use Caddy as a reverse proxy

Hello,

I want to host my own lemmy instance but instead of using Nginx as a reverse proxy I want to use Caddy as a reverse proxy since it is easier. Is it possible to just reverse proxy localhost:1235 to my domain and be done with it or I have to do something else?

Thanks in advance!

Fresh install - Email isn't working

Brand new Lemmy install. Fresh VPS.

Hosting provider blocks outbound SMTP so I have to use a smarthost.

No emails are being sent.

Here are the logs:

lemmy_1     | 2022-05-06T21:31:12.413554Z ERROR Websocket Request{trace_id=00000000000000000000000000000000}: lemmy_websocket::handlers: Error during message handling email_send_failed: network error: Resource temporarily unavailable (os error 11)
lemmy_1     |    0: lemmy_api::local_user::perform
lemmy_1     |              at crates/api/src/local_user.rs:772
lemmy_1     |    1: lemmy_websocket::handlers::Websocket Request
lemmy_1     |            with trace_id=00000000000000000000000000000000
lemmy_1     |              at crates/websocket/src/handlers.rs:68
lemmy_1     | 2022-05-06T21:32:13.853246Z ERROR Websocket Request{trace_id=00000000000000000000000000000000}: lemmy_websocket::handlers: Error during message handling email_send_failed: network error: Resource temporarily unavailable (os error 11)
lemmy_1     |    0: lemmy_api::local_user::perform
lemmy_1     |              at crates/api/src/local_user.rs:772
lemmy_1     |    1: lemmy_websocket::handlers::Websocket Request
lemmy_1     |            with trace_id=00000000000000000000000000000000
lemmy_1     |              at crates/websocket/src/handlers.rs:68
lemmy_1     | 2022-05-06T21:32:13.853769Z  INFO lemmy_websocket::handlers: 70.240.239.254 joined
lemmy_1     | 2022-05-06T21:32:14.358259Z  INFO lemmy_websocket::handlers: 70.240.239.254 joined
lemmy_1     | 2022-05-06T21:33:52.157299Z ERROR Websocket Request{trace_id=00000000000000000000000000000000}: lemmy_websocket::handlers: Error during message handling email_send_failed: network error: Resource temporarily unavailable (os error 11)
lemmy_1     |    0: lemmy_api::local_user::perform
lemmy_1     |              at crates/api/src/local_user.rs:772
lemmy_1     |    1: lemmy_websocket::handlers::Websocket Request
lemmy_1     |            with trace_id=00000000000000000000000000000000
lemmy_1     |              at crates/websocket/src/handlers.rs:68
root@liewrap05:/opt/lemmy/federated.community# 

Here's the config:

  email: {
    smtp_server: "linycmx01.bofhllc.net:465"
    smtp_login: "REDACTED"
    smtp_password: "REDACTED"
    smtp_from_address: "[email protected]"
    tls_type: "none"
  }

I have tried:

  1. smtp_server: "linycmx01.bofhllc.net:465"
  2. smtp_server: "linycmx01.bofhllc.net:587"
  3. smtp_server: "linycmx01.bofhllc.net"

And each time I have done a docker-compose restart after making changes and saving out the config.

No dice.

Lemmy isn't even generating any traffic to send to my smarthost relay.

Thoughts?

Unable to update

When I try to update using the steps mentioned in the README I get the error


fatal: [redacted@redacted]: FAILED! => {"changed": false, "cmd": "apt-get install --no-install-recommends python-apt -y -q", "msg": "E: Package 'python-apt' has no installation candidate", "rc": 100, "stderr": "E: Package 'python-apt' has no installation candidate\n", "stderr_lines": ["E: Package 'python-apt' has no installation candidate"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nPackage python-apt is not available, but is referred to by another package.\nThis may mean that the package is missing, has been obsoleted, or\nis only available from another source\nHowever the following packages replace it:\n  python3-apt-dbg python3-apt python-apt-doc python-apt-common\n\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "Package python-apt is not available, but is referred to by another package.", "This may mean that the package is missing, has been obsoleted, or", "is only available from another source", "However the following packages replace it:", "  python3-apt-dbg python3-apt python-apt-doc python-apt-common", ""]}

Looking at it I can see that there are other packages that are suggested instead of 'python-apt'. Should this be changed somewhere in the config?

Error EAI_AGAIN lemmy after upgrade

Hello,
I've tried to update from 0.16.3 to 0.16.5 with ansible.

It is on my test instance, i use this:

git pull

and

ansible-playbook -vvv -u MYUSERNAME -k -K -i inventory/hosts lemmy.yml --become

It does everything with no error but when I try to visit the website i receive:

404: FetchError: request to http://lemmy:8536/api/v3/site? failed, reason: getaddrinfo EAI_AGAIN lemmy

It's just my problem? What could have gone wrong?

ECONNREFUSED error

I uninstalled and installed lemmy from scratch copying the ansible instructions exactly but still get this error 404: FetchError: request to http://lemmy:8536/api/v3/site? failed, reason: connect ECONNREFUSED

docker-compose.yml:

version: '2'

services:
  lemmy:
    image: dessalines/lemmy:0.16.7
    ports:
      - "127.0.0.1:26430:8536"
    restart: always
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_queries=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
    volumes:
      - ./lemmy.hjson:/config/config.hjson
    depends_on:
      - postgres
      - pictrs

  lemmy-ui:
    image: dessalines/lemmy-ui:0.16.7
    ports:
      - "127.0.0.1:24415:1234"
    restart: always
    environment:
      - LEMMY_INTERNAL_HOST=lemmy:8536
      - LEMMY_EXTERNAL_HOST=(redacted)
      - LEMMY_HTTPS=true
    volumes:
      - ./volumes/lemmy-ui/extra_themes:/app/extra_themes
    depends_on:
      - lemmy

  postgres:
    image: postgres:12-alpine
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=(redacted)
      - POSTGRES_DB=lemmy
    volumes:
      - ./volumes/postgres:/var/lib/postgresql/data
    restart: always

  pictrs:
    image: asonix/pictrs:0.3.1
    user: 991:991
    ports:
      - "127.0.0.1:22450:8080"
    volumes:
      - ./volumes/pictrs:/mnt
    restart: always
    mem_limit: 200m

  postfix:
    image: mwader/postfix-relay
    environment:
      - POSTFIX_myhostname=(redacted)
    restart: "always"

lemmy.hjson:

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  database: {
    host: postgres
    password: "(redacted)"
  }
  hostname: "(redacted)"
  pictrs_url: "http://pictrs:8080"
  federation: {
    enabled: true
  }
  email: {
    smtp_server: "postfix:25"
    smtp_from_address: "noreply@(redacted)"
    tls_type: "none"
  }
}

nginx conf looks like it's supposed to anonymize ips but it actually doesn't

# Anonymize IP addresses
# https://www.supertechcrew.com/anonymizing-logs-nginx-apache/
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
127.0.0.1 $remote_addr;
::1 $remote_addr;
default 0.0.0.0;
}

this was originally in the initial commit in this repo intended to be anonymizing nginx logs, by cutting off the last bits of ips:
80690af#diff-8f9a7a73ce9c7de4398aaf3ca2224c97dfa796ef199ee4321e7f0b36d9f75162R106-R117

this was however never implemented properly in the first place, as discovered in #5, which changed the log format to combined.

the proper implementation, which would have used the custom log format, would have been access_log /var/log/nginx/access.log lemmy_main; instead of the originally committed access_log /var/log/nginx/access.log main;, or alternatively changing the custom log format name to main by using the following line:

log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$http_user_agent"';

in addition, if the intention is to actually anonymize ips, you should consider whether you want to forward non-anonymized ips to lemmy services, as they're currently receiving non-anonymized ips through X-Real-IP $remote_addr and X-Forwarded-For $proxy_add_x_forwarded_for.

if there is no intention to anonymize ips, you should remove the map from the config to avoid confusion.
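An added example, not part of the issue above and not lemmy-ansible's own code: a small Python check that emulates the map quoted in the issue and flags the three conditions the issue describes (an anonymizing log format that no access_log uses, an access_log naming an undefined format, and full client IPs forwarded to the backend). The sample config is constructed, and the names `anonymize`, `lint` and the finding labels are assumptions made for illustration.

```python
import re

# Constructed sample reproducing the situation in the issue: the map and a
# custom log format exist, but access_log points at the built-in "combined".
SAMPLE_CONF = r"""
# Anonymize IP addresses
map $remote_addr $remote_addr_anon {
    ~(?P<ip>\d+\.\d+\.\d+)\.    $ip.0;
    ~(?P<ip>[^:]+:[^:]+):       $ip::;
    127.0.0.1                   $remote_addr;
    ::1                         $remote_addr;
    default                     0.0.0.0;
}
log_format lemmy_main '$remote_addr_anon - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" "$http_user_agent"';
server {
    access_log /var/log/nginx/access.log combined;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
"""

ANON_VAR = "$remote_addr_anon"
BUILTIN_FORMATS = {"combined"}  # the only log format nginx predefines


def anonymize(addr):
    """Emulate the map: exact entries win over regexes, regexes run in order."""
    if addr in ("127.0.0.1", "::1"):
        return addr                      # loopback is logged unchanged
    m = re.search(r"(?P<ip>\d+\.\d+\.\d+)\.", addr)
    if m:
        return m.group("ip") + ".0"      # IPv4: zero the last octet
    m = re.search(r"(?P<ip>[^:]+:[^:]+):", addr)
    if m:
        return m.group("ip") + "::"      # IPv6: keep the first two groups
    return "0.0.0.0"                     # map default


def lint(conf):
    """Return findings for an nginx config that defines the anonymizing map.

    Regex-based check, not a full nginx parser: it assumes no ';' appears
    inside quoted strings and ignores include files.
    """
    text = re.sub(r"(?m)^[ \t]*#.*$", "", conf)  # drop whole-line comments
    has_map = re.search(
        r"\bmap\s+\$remote_addr\s+\$remote_addr_anon\b", text) is not None
    formats = dict(re.findall(r"\blog_format\s+(\w+)\s+(.*?);", text, re.S))

    findings, used = [], set()
    for path, fmt in re.findall(
            r"\baccess_log\s+([^\s;]+)(?:\s+(\w+))?[^;]*;", text):
        if path == "off":
            continue
        fmt = fmt or "combined"          # nginx default when no format is named
        used.add(fmt)
        if fmt not in formats and fmt not in BUILTIN_FORMATS:
            # nginx refuses to load this: "unknown log format"
            findings.append("undefined-format:" + fmt)
        elif has_map and ANON_VAR not in formats.get(fmt, ""):
            findings.append("raw-ip-logged:" + fmt)

    # An anonymizing format that nothing references has no effect.
    for name, body in formats.items():
        if ANON_VAR in body and name not in used:
            findings.append("unused-anon-format:" + name)

    # Headers that hand the full client address to the proxied services.
    for header, _ in re.findall(
            r"\bproxy_set_header\s+(\S+)\s+"
            r"(\$remote_addr|\$proxy_add_x_forwarded_for)\s*;", text):
        findings.append("raw-ip-forwarded:" + header)
    return findings


if __name__ == "__main__":
    for sample in ("203.0.113.77", "2001:db8:abcd:12::7", "::1"):
        print(sample, "->", anonymize(sample))
    for finding in lint(SAMPLE_CONF):
        print(finding)
```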

Fresh install fails

Hi guys! Trying to get Lemmy installed on a fresh VPS (Debian 11) and receiving the following error when attempting to go to the site:

404: FetchError: request to http://lemmy:8536/api/v3/site? failed, reason: connect ECONNREFUSED 172.18.0.2:8536

Here's the results of the ansible playbook:

gme@DESKTOP-R7ILMJV:~/lemmy-ansible$ ansible-playbook -i inventory/hosts lemmy.yml

PLAY [all] *************************************************************************************************************

TASK [check lemmy_base_dir] ********************************************************************************************
skipping: [[email protected]]

TASK [install python for Ansible] **************************************************************************************
changed: [[email protected]]

TASK [setup] ***********************************************************************************************************
ok: [[email protected]]

TASK [install dependencies] ********************************************************************************************
changed: [[email protected]]

TASK [request initial letsencrypt certificate] *************************************************************************
changed: [[email protected]]

TASK [create lemmy folder] *********************************************************************************************
changed: [[email protected]] => (item={'path': '/opt/lemmy/federated.community/', 'owner': 'root'})
changed: [[email protected]] => (item={'path': '/opt/lemmy/federated.community/volumes/', 'owner': 'root'})
changed: [[email protected]] => (item={'path': '/opt/lemmy/federated.community/volumes/pictrs/', 'owner': '991'})

TASK [set_fact] ********************************************************************************************************
ok: [[email protected]]

TASK [add template files] **********************************************************************************************
changed: [[email protected]] => (item={'src': 'templates/docker-compose.yml', 'dest': '/opt/lemmy/federated.community/docker-compose.yml', 'mode': '0600'})
changed: [[email protected]] => (item={'src': 'templates/nginx.conf', 'dest': '/etc/nginx/sites-available/federated.community.conf', 'mode': '0644'})

TASK [gather stats on site enabled config] *****************************************************************************
ok: [[email protected]]

TASK [remove if regular file (legacy) instead of symlink] **************************************************************
skipping: [[email protected]]

TASK [enable nginx site] ***********************************************************************************************
changed: [[email protected]]

TASK [add the config.hjson] ********************************************************************************************
changed: [[email protected]]

TASK [enable and start docker service] *********************************************************************************
ok: [[email protected]]

TASK [start docker-compose] ********************************************************************************************
changed: [[email protected]]

TASK [reload nginx with new config] ************************************************************************************
changed: [[email protected]]

TASK [certbot renewal cronjob] *****************************************************************************************
changed: [[email protected]]

PLAY RECAP *************************************************************************************************************
[email protected] : ok=14   changed=10   unreachable=0    failed=0    skipped=2    rescued=0    ignored=0

gme@DESKTOP-R7ILMJV:~/lemmy-ansible$

Here's the contents of config.hjson:

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  database: {
    host: postgres
    password: "REDACTED"
  }
  hostname: "federated.community"
  pictrs_url: "http://pictrs:8080"
  federation: {
    enabled: true
  }
  email: {
    smtp_server: "REDACTED"
    smtp_from_address: "noreply@{{ domain }}"
    tls_type: "starttls"
 smtp_login: "REDACTED"
smtp_password: "REDACTED"
  }
}

Any ideas?

"The conditional check 'reg_enabled['stat isreg']' failed. The error was: error while evaluating conditional (reg_enabled['stat isreg']): 'dict object' has no attribute 'stat isreg'

Was setting up a new instance and ran into this after running the ansible playbook.

fatal: [[email protected]]: FAILED! => {
    "msg": "The conditional check 'reg_enabled['stat isreg']' failed. The error was: error while evaluating conditional (reg_enabled['stat isreg']): 'dict object' has no attribute 'stat isreg'\n\nThe error appears to be in '/home/ubuntu/lemmy-ansible/lemmy.yml': line 80, column 9, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n      - name: remove if regular file (legacy) instead of symlink\n        ^ here\n"
}

The issue is exactly where it says it is and changing when: reg_enabled.stat.isreg to when: reg_enabled in lemmy.yml fixes the problem and lets the install finish. Doesn't appear to be any issues with changing......so far.

Setup CI

For one thing, we can run ansible-playbook lemmy.yml --syntax-check

New installation failing

TASK [start docker-compose] ***************************************************************************************************
fatal: [[email protected]]: FAILED! => {"changed": false, "errors": [], "module_stderr": "Recreating 33ed084a4353_domaincom_pictrs_1 ... \nRecreating 12eff598f1bf_domaincom_postgres_1 ... \nStarting domaincom_postfix_1 ... \n", "module_stdout": "", "msg": "Error starting project a bytes-like object is required, not 'str'"}

replaced my real domain with placeholder "domain.com" for the sake of privacy

Debian 11 x64 updated install

Use --become -K on update process when not using a key to authenticate

On the installation instructions of the README.md you have a useful note:

Note: if you haven't set up ssh keys, and ssh using a password, use the command:
ansible-playbook -i inventory/hosts lemmy.yml --become --ask-pass --ask-become-pass

It should be added in the Update instructions, because users updating are not reading the installation steps. Or, maybe, just make a reference to it.

In fact, for me, the right command is:

ansible-playbook -i inventory/hosts lemmy.yml --become -K

Related: #23 #22 #15

Can't log in after initial setup

Not sure if this is a lemmy issue or a setup. playbook runs fine. set everything up. logout and cannot log back in. It just hangs, any ideas?

Wrong docker image pulled on arm64 systems.

lemmy_docker_image and lemmy_docker_ui_image vars in lemmy.yml should use an arm64 image if the target server is an arm64 based system.

Currently it's defaulted to amd64 which causes exec format error in the lemmy and lemmy-ui images.

It looks like the default is pulled from VERSION

I'm not familiar with Ansible but it looks like using docker_image_module could simplify this and remove the need for updating a version file.

No Email and no pictures

Using default ansible config, email isn't working (tested with forget password button, just gets stuck) and also trying to upload a picture gives error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

Config file:

{
  # for more info about the config, check out the documentation
  # https://join-lemmy.org/docs/en/administration/configuration.html

  database: {
    host: postgres
    password: "{{ postgres_password }}"
  }
  hostname: "{{ domain }}"
  pictrs: {
    url: "http://pictrs:8686/"
    api_key: "{{ postgres_password }}"
  }
  email: {
    smtp_server: "postfix:25"
    smtp_from_address: "noreply@{{ domain }}"
    tls_type: "none"
  }
}

Install instructions don't work

I have no idea what ansible is (sounds like the latest trendiest modern phone app for zoomers), and I'm trying to follow the instructions here, but they don't work. There seems to be critical information missing.

  1. <your-domain> appears, but it doesn't say anywhere what it should be.
    Let's say I created a server accessible at lemmy.mydomain.com; is <your-domain> to be lemmy.mydomain.com or mydomain.com?
  2. config.hjson is pretty minimal, there's no instructions to tell me what to change/add.
    In particular in database: host: postgres there's no machine with that hostname... why is that default? Not localhost?
  3. hosts - Same question as above [email protected] domain=example.com; should domain be lemmy.mydomain.com or mydomain.com?
  4. I think I got the domain and stuff right by trial-and-error, but the install fails on a wall of unformatted json error dump about postgres stuff, of note: error while creating mount source path '/srv/lemmy/lemmy.mydomain.com/volumes/postgres': mkdir /srv/lemmy: read-only file system. I guess the script doesn't create a database... or it's trying to, but something's wrong and it's trying to act on a read-only filesystem?

So, am I supposed to create a database somewhere else? There's no words about this anywhere, and I can't find anybody else complaining about this either by google searching, so I'm obviously completely incompetent, or something went wrong in my config and database creation is failing with unhelpful messages?

I've just started trying random stuff; I've tried to install a database server instance, and set host: localhost, but it doesn't work, outputs the same error shown above. Messing with database users and stuff basically at random... no idea!

I'd suggest to update the install guide to clarify all these points.

Cheers.


EDIT:

For reference:

TASK [start docker-compose] ****************************************************************************************************************************************
fatal: [[email protected]]: FAILED! => {"changed": false, "errors": ["ERROR: for lemmydomaincom_postgres_1  Cannot start service postgres: error while creating mount source path '/srv/lemmy/lemmy.domain.com/volumes/postgres': mkdir /srv/lemmy: read-only file system"], "module_stderr": "Starting lemmydomaincom_postgres_1 ... \nRecreating b308f746aab3_lemmydomaincom_pictrs_1 ... \nStarting lemmydomaincom_postgres_1              ... error\n\nERROR: for lemmydomaincom_postgres_1  Cannot start service postgres: error while creating mount source path '/srv/lemmy/lemmy.domain.com/volumes/postgres': mkdir /srv/lemmy: read-only file system\nRecreating b308f746aab3_lemmydomaincom_pictrs_1 ... error\n", "module_stdout": "", "msg": "Error starting project Encountered errors while bringing up the project."}

Distro version check for installing python3-certbot-nginx

The playbook currently checks the server distro and version to install python-certbot-nginx on Ubuntu versions before 20.04, and python3-certbot-nginx on Ubuntu 20.04 and later. I tested this at some point and it worked. The problem is that this check will make the playbook fail completely on Debian and derivatives.

https://github.com/LemmyNet/lemmy-ansible/blob/main/lemmy.yml#L33

To avoid this issue, i'm thinking to simply remove that check, and always install python3-certbot-nginx. Goal being to make the playbook compatible with as many distros (and distro versions) as possible. So my question to anyone who is familiar with the Python situation on Debian-based distros, does that sound like a good idea?

An alternative solution could be to create separate playbooks for each distro (if we find people to maintain them).

How to manage altered server configuration

Hello,
I see in the config file from Ansible this line:

client_max_body_size 20M;

# Upload limit for pictrs
client_max_body_size 20M;

From what I can understand there is set that users can upload up to 20MB files, is that correct?

Since this seems excessive I wanted to lower the limit to 2MB. Having used Ansible as a method, can I manually edit the nginx configuration file on my server without having any conflicts whatsoever during the next release updates?

Thanks

Pictrs log file excessive

Checking disk usage and can see pictrs log ("containerid"-json.log) is using 7.6gb of space in about 5 days.

Is anyone else able to check their log size to see this? Or is this unique to me?

If this isn't just me, can a log size cap and log rotation be added to the docker compose file to prevent this? Or the default logging level be lowered in the script?

Problems migrating 0.13.3 to 0.13.5

fatal: [[email protected]]: FAILED! => {"changed": true, "cmd": "nginx -s reload", "delta": "0:00:00.021904", "end": "2021-10-30 08:15:57.700702", "msg": "non-zero return code", "rc": 1, "start": "2021-10-30 08:15:57.678798", "stderr": "nginx: [emerg] unknown log format \"main\" in /etc/nginx/sites-enabled/feddit.de.conf:117", "stderr_lines": ["nginx: [emerg] unknown log format \"main\" in /etc/nginx/sites-enabled/feddit.de.conf:117"], "stdout": "", "stdout_lines": []}

so i guess it should be
access_log /var/log/nginx/access.log lemmy_main;

after that it throws:
fatal: [[email protected]]: FAILED! => {"changed": true, "cmd": "nginx -s reload", "delta": "0:00:00.020002", "end": "2021-10-30 08:19:06.509913", "msg": "non-zero return code", "rc": 1, "start": "2021-10-30 08:19:06.489911", "stderr": "nginx: [emerg] limit_req_zone \"lemmy_ratelimit\" is already bound to key \"$binary_remote_addr\" in /etc/nginx/sites-enabled/lemmy.conf:1", "stderr_lines": ["nginx: [emerg] limit_req_zone \"lemmy_ratelimit\" is already bound to key \"$binary_remote_addr\" in /etc/nginx/sites-enabled/lemmy.conf:1"], "stdout": "", "stdout_lines": []}

Error: sudo: password required

Ansible needs a sudo password to avoid this error:

TASK [install python for Ansible] ******************************************************************************************
fatal: [my_user@my_server]: FAILED! => {"changed": true, "msg": "non-zero return code", "rc": 1, "stderr": "Shared connection to my_server closed.\r\n", "stderr_lines": ["Shared connection to my_server closed."], "stdout": "sudo: es requereix una contrasenya\r\r\n", "stdout_lines": ["sudo: es requereix una contrasenya", ""]}

It can be managed with -K parameter:

ansible-playbook -i inventory/hosts lemmy.yml --become -K

Ansible fails when using the command specified in the documentation

I currently access my server via SSH and a password. Using ansible-playbook -i inventory/hosts lemmy.yml --become --ask-become-pass as written in the documentation results in:

BECOME password:

PLAY [all] ******************************************************************************************************************************************************************************************

TASK [check lemmy_base_dir] *************************************************************************************************************************************************************************
skipping: [[email protected]] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [install python for Ansible] *******************************************************************************************************************************************************************
fatal: [[email protected]]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,password).", "unreachable": true}

PLAY RECAP ******************************************************************************************************************************************************************************************
[email protected]     : ok=0    changed=0    unreachable=1    failed=0    skipped=1    rescued=0    ignored=0

but adding --ask-pass to the command makes it work successfully.

New internal nginx config breaks sites with an external icon.

One thing I didn't test with this setup: site icons.

We're getting this error on lemmygrad, with a site icon set:

lemmy-ui_1 | FetchError: request to https://lemmygrad.ml/pictrs/image/fb9bc50e-58d5-434b-9b34-c08f6b7ae23d.png failed, reason: getaddrinfo EAI_AGAIN lemmygrad.ml

I think this is because the internal node server doesn't have an external DNS, and can't access any external domains.

A temp fix was to do update site set icon = null where id = 1;

cc @SleeplessOne1917 @Nutomic

[Bug] Registration and emails not working since nginx config change

Hello,

seems that the recent split of nginx files broke something linked to the webservices used to send emails.

Now when trying to register with restricted registration, the following error happens in the main lemmy container:

2023-06-23T11:04:12.445148Z ERROR lemmy_server::api_routes_websocket: email_send_failed: Connection error: failed to lookup address information: Try again
0: lemmy_api_crud::user::create::perform
at crates/api_crud/src/user/create.rs:45
1: lemmy_server::root_span_builder::HTTP request
with http.method=GET http.scheme="http" http.host=0.0.0.0 http.target=/api/v3/ws otel.kind="server" request_id=36c786fe-de62-4202-9bf3-0b6718a2b9fa
at src/root_span_builder.rs:16

Seems that it's indeed the email sent to notify of a new registration request that is broken.

As a side note, this breaks the request creation and no request appears in the admin validation panel.

It worked when I set up the instance yesterday, a few moments before the change of nginx configuration went live, and broke when I updated using the ansible recommended way, so this change is the likely culprit.

Use a default version, but allow overrides.

Basically:

  • First check to see if there's a lemmy_version in the hosts file, if not, use a VERSION file lookup.

This will allow ppl to easily update to the current version, but also allow dev setups for alternate ones.

Problems with new install

After trying a clean installation several times, according to the available documentation, I ran into a problem: after the installation was completed, when the server was contacted, a 502 Bad Gateway error appeared. Maybe I missed something, or the installation documentation is incomplete?

No images

I'm setting up https://lemmy.studio/ following this playbook.

I tried uploading an icon and it seems to work:

[Screenshot: Screen Shot 2023-06-05 at 12 08 46 PM]

But then the image is broken:

[Screenshot: Screen Shot 2023-06-05 at 12 09 18 PM]

Trying to access it gives:

{"msg":"Error interacting with filesystem, Command failed with bad status"}

Logs from Docker:

pictrs_1    |  http.status_code=500 otel.status_code="ERROR"}:Serving processed image{range=None query=Query([("src", "9ef7fc80-6abc-43c7-a619-cbe2a5f6b554.png"), ("thumbnail", "96")]) ext=Path("webp") store=Data(FileStore { path_gen: "generator", root_dir: "/mnt" })}: pict_rs: close time.busy=8.77ms time.idle=223ms
pictrs_1    | 2023-06-05T19:09:13.613826Z  INFO HTTP request{http.method=GET http.route=/image/process.{ext} http.flavor=1.1 http.scheme=http http.host=pictrs:8080 http.client_ip=143.198.100.27 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0 http.target=/image/process.webp?src=9ef7fc80-6abc-43c7-a619-cbe2a5f6b554.png&thumbnail=96 otel.name=HTTP GET /image/process.{ext} otel.kind="server" request_id=93e3ea46-1a85-4771-842b-13b42fcbe006 trace_id=00000000000000000000000000000000 exception.message=Error interacting with filesystem, Command failed with bad status
pictrs_1    |    0: pict_rs::concurrent_processor::Processing image
pictrs_1    |            with path="thumbnail/96/99240128-eeda-483f-a555-21c8c651d0db.png.webp" completed=true
pictrs_1    |              at src/concurrent_processor.rs:48
pictrs_1    |    1: pict_rs::Serving processed image
pictrs_1    |            with range=None query=Query([("src", "9ef7fc80-6abc-43c7-a619-cbe2a5f6b554.png"), ("thumbnail", "96")]) ext=Path("webp") store=Data(FileStore { path_gen: "generator", root_dir: "/mnt" })
pictrs_1    |              at src/main.rs:342
pictrs_1    |    2: tracing_actix_web::root_span_builder::HTTP request
pictrs_1    |            with http.method=GET http.route=/image/process.{ext} http.flavor=1.1 http.scheme=http http.host=pictrs:8080 http.client_ip=143.198.100.27 http.user_agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0 http.target=/image/process.webp?src=9ef7fc80-6abc-43c7-a619-cbe2a5f6b554.png&thumbnail=96 otel.name=HTTP GET /image/process.{ext} otel.kind="server" request_id=93e3ea46-1a85-4771-842b-13b42fcbe006 trace_id=00000000000000000000000000000000
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tracing-actix-web-0.5.1/src/root_span_builder.rs:40
pictrs_1    |    3: tokio::task::runtime.spawn
pictrs_1    |            with kind=local task.name= loc.file="/opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-rt-2.7.0/src/lib.rs" loc.line=207 loc.col=5
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/util/trace.rs:16
pictrs_1    |    4: tokio::task::runtime.spawn
pictrs_1    |            with kind=local task.name= loc.file="/opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-rt-2.7.0/src/lib.rs" loc.line=207 loc.col=5
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/util/trace.rs:16
pictrs_1    |    5: tokio::task::runtime.spawn
pictrs_1    |            with kind=local task.name= loc.file="/opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-rt-2.7.0/src/lib.rs" loc.line=207 loc.col=5
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/util/trace.rs:16
pictrs_1    |    6: tokio::task::runtime.spawn
pictrs_1    |            with kind=local task.name= loc.file="/opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/actix-rt-2.7.0/src/arbiter.rs" loc.line=314 loc.col=25
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/util/trace.rs:16
pictrs_1    |    7: tokio::task::runtime.spawn
pictrs_1    |            with kind=block_on task.name= loc.file="/opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/task/local.rs" loc.line=468 loc.col=12
pictrs_1    |              at /opt/build/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.17.0/src/util/trace.rs:16 exception.details=Error interacting with filesystem, Command failed with bad status
pictrs_1    |  http.status_code=500 otel.status_code="ERROR"}: tracing_actix_web::root_span_builder: close time.busy=11.6ms time.idle=222ms

Better way of avoiding port conflicts

Continuing discussion from #3.

It would be good to have a better way of avoiding port conflicts when running multiple instances of lemmy. Current approach (randomizing ports on every deploy) has several downsides.

Quick brainstorm about options here:

  1. include nginx in the docker-compose.yml, allowing us to proxy_pass directly to specific containers; name relevant containers using the {{domain}}: lemmy-{{domain}}, lemmy-ui-{{domain}}, pictrs-{{domain}}, etc. Host-installed nginx would be unnecessary, or if already present would only need to hit a single port: the one exposed by the nginx container.

  2. Have some faith in the admins running instances, and make it possible to explicitly set ports per deployment, such that an admin deploying 3 different Lemmy instances would just explicitly define three sets of ports. A version of this would be to have a "starting port" configurable per instance, and each actual service port just offset by a well-defined value (say, lemmy_port would be starting_port; lemmy_ui_port would be starting_port + 1, etc).

Option 1. is the cleanest, keeps all Lemmy deploys in a "package" within the docker-compose.yml, all managed from a single lemmy-ansible checkout with minimal side-effects on the host system. From the perspective of a sysadmin this might be the most preferable, and also is the most in-line with the "docker way of doing things" so to speak.

Is there support for CentOS?

I tried running it for a CentOS vps but I receive this error:

TASK [Install aptitude] ************************************************************************************************
[WARNING]: Updating cache and auto-installing missing dependency: python3-apt
fatal: [racknerd]: FAILED! => {"changed": false, "cmd": "apt-get update", "msg": "[Errno 2] No such file or directory: b'apt-get': b'apt-get'", "rc": 2}

PLAY RECAP *************************************************************************************************************
racknerd                   : ok=2    changed=1    unreachable=0    failed=1    skipped=1    rescued=0    ignored=0

I am using default configuration. Is there a playbook catered for CentOS?

Problems on Ubuntu 23.04: Unnecessary(?) python modules breaking the installation, deprecated apt-keyring

Tried getting this up and running on a brand new VPS running 23.04

It failed during the "Install Docker Module and docker-compose for Python" step - pip3 install -U docker docker-compose gave a scary warning about mixing system-managed packages with pip and refused to continue. I worked around this by removing this whole part in the playbook: It seems to be merely required for the playbook itself, to run a single docker compose command.

  • It fails with my system out-of-the-box
  • The docker_compose Ansible plugin seems outdated (requires the legacy docker-compose < 2.x instead of the > 2.x docker compose)
  • It seems not worth pulling in dependencies for a simple, single command

I changed the lemmy.yml with the following diff to make things work:

diff --git a/lemmy.yml b/lemmy.yml
index 2c6a7aa..41fa786 100644
--- a/lemmy.yml
+++ b/lemmy.yml
@@ -59,13 +59,6 @@
         state: latest
         update_cache: true
 
-    - name: Install Docker Module and docker-compose for Python
-      pip:
-        name:
-          - docker
-          - docker-compose
-        state: latest
-
     - name: copy docker config
       copy: src='../files/docker-daemon.json' dest='/etc/docker/daemon.json' mode='0644'
 
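Review bot: Removing the pip task for `docker` and `docker-compose` leaves the target without the Python Docker packages, so any other task in lemmy.yml that still calls a Docker module which imports them would fail. The hunk context shows only the neighbouring apt and `copy docker config` tasks, so please confirm nothing else depends on these packages, and land this removal together with the `docker_compose` replacement in the next hunk rather than on its own.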
@@ -160,11 +153,9 @@
     # - debug: var=shell_output
 
     - name: start docker-compose
-      docker_compose:
-        project_src: "{{lemmy_base_dir}}/{{domain}}"
-        state: present
-        pull: yes
-        remove_orphans: yes
+      shell:
+        cmd: docker compose up -d
+        chdir: "{{lemmy_base_dir}}/{{domain}}"
 
     - name: reload nginx with new config
       shell: nginx -s reload
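Review bot: The replacement at `cmd: docker compose up -d` drops two behaviours the removed task had, `pull: yes` and `remove_orphans: yes`, so an upgrade run would no longer fetch new images or clean up containers for services removed from the compose file. Suggest running `docker compose pull` first and adding `--remove-orphans` to the `up` call. Two smaller points: nothing in this command needs a shell, so `command` would be the safer module, and the task will report changed on every run unless `changed_when` is set.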

After this I now get warnings running apt update:

W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Arguably that's yet another outdated plugin that's doing something it shouldn't.

From the link above / in the Ansible docs:

The apt-key command has been deprecated and suggests to ‘manage keyring files in trusted.gpg.d instead’. See the Debian wiki for details. This module is kept for backwards compatibility for systems that still use apt-key as the main way to manage apt repository keys.
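The keyring change that the quoted deprecation notice points to, as an added example (not part of lemmy.yml or of this report): Ansible tasks that store Docker's signing key in its own file and bind the repository to it with `signed-by`, so the key is trusted for that one repository instead of for every apt source. The keyring path, the task names, the architecture mapping and the use of `ansible_distribution_release` are assumptions.

```yaml
# Added example: Docker apt repository with a key scoped via signed-by.
# Paths, task names and variable choices are assumptions, not taken
# from lemmy.yml.
- name: Create directory for repository-specific keyrings
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Download Docker's signing key into its own keyring file
  ansible.builtin.get_url:
    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"

- name: Map the kernel architecture name to the apt architecture name
  ansible.builtin.set_fact:
    docker_apt_arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}[ansible_architecture] }}"

- name: Add the Docker repository, trusting only that keyring for it
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/{{ ansible_distribution | lower }}
      {{ ansible_distribution_release }} stable
    filename: docker
    state: present
    update_cache: true
```

A key that an earlier run already placed in /etc/apt/trusted.gpg, and the repository entry that relied on it, stay in place until they are removed separately.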

nginx: add www subdomain & redirect as default

NGINX forwarding

It's common to have server blocks for forwarding like this :)

server {
    listen 80;
    server_name www.example.com;
    return 301 http://example.com$request_uri;
}

server {
    listen 80;
    server_name example.com;
    ...
}

Would be amazing if this could be added to Ansible in order to configure this in nginx automatically.
Same applies to HTTPS, right? Also, is it possible to enter subdomains in the Ansible script for getting certificates via certbot for both www.example.com and example.com itself?

Currently, when browsing the www. version, the nginx default page appears. :)

Ubuntu 20.04 certbot error

Looks like I'm getting a python error from certbot, running Ubuntu Linux (ubuntu 20.04), fresh install of Linux, have only run the stuff from this repository.

Removed domain and email for privacy

TASK [request initial letsencrypt certificate] ***************************************************************************************************
fatal: [lemmy.ristl.org]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--nginx", "--agree-tos", "--cert-name", "", "-d", """, "-m", ""], "delta": "0:00:00.353763", "end": "2023-06-21 14:18:18.269786", "msg": "non-zero return code", "rc": 1, "start": "2023-06-21 14:18:17.916023", "stderr": "Traceback (most recent call last):\n File "/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py", line 49, in \n from requests.packages.urllib3.contrib import appengine as gaecontrib\nImportError: cannot import name 'appengine' from 'requests.packages.urllib3.contrib' (/usr/local/lib/python3.8/dist-packages/urllib3/contrib/init.py)\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/usr/bin/certbot", line 11, in \n load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()\n File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 490, in load_entry_point\n return get_distribution(dist).load_entry_point(group, name)\n File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2854, in load_entry_point\n return ep.load()\n File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2445, in load\n return self.resolve()\n File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2451, in resolve\n module = import(self.module_name, fromlist=['name'], level=0)\n File "/usr/lib/python3/dist-packages/certbot/main.py", line 20, in \n from certbot import client\n File "/usr/lib/python3/dist-packages/certbot/client.py", line 14, in \n from acme import client as acme_client\n File "/usr/lib/python3/dist-packages/acme/client.py", line 16, in \n from requests_toolbelt.adapters.source import SourceAddressAdapter\n File "/usr/lib/python3/dist-packages/requests_toolbelt/init.py", line 12, in \n from .adapters import SSLAdapter, SourceAddressAdapter\n File "/usr/lib/python3/dist-packages/requests_toolbelt/adapters/init.py", line 12, in \n from .ssl import SSLAdapter\n 
File "/usr/lib/python3/dist-packages/requests_toolbelt/adapters/ssl.py", line 16, in \n from .._compat import poolmanager\n File "/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py", line 51, in \n from urllib3.contrib import appengine as gaecontrib\nImportError: cannot import name 'appengine' from 'urllib3.contrib' (/usr/local/lib/python3.8/dist-packages/urllib3/contrib/init.py)", "stderr_lines": ["Traceback (most recent call last):", " File "/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py", line 49, in ", " from requests.packages.urllib3.contrib import appengine as gaecontrib", "ImportError: cannot import name 'appengine' from 'requests.packages.urllib3.contrib' (/usr/local/lib/python3.8/dist-packages/urllib3/contrib/init.py)", "", "During handling of the above exception, another exception occurred:", "", "Traceback (most recent call last):", " File "/usr/bin/certbot", line 11, in ", " load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()", " File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 490, in load_entry_point", " return get_distribution(dist).load_entry_point(group, name)", " File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2854, in load_entry_point", " return ep.load()", " File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2445, in load", " return self.resolve()", " File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 2451, in resolve", " module = import(self.module_name, fromlist=['name'], level=0)", " File "/usr/lib/python3/dist-packages/certbot/main.py", line 20, in ", " from certbot import client", " File "/usr/lib/python3/dist-packages/certbot/client.py", line 14, in ", " from acme import client as acme_client", " File "/usr/lib/python3/dist-packages/acme/client.py", line 16, in ", " from requests_toolbelt.adapters.source import SourceAddressAdapter", " File "/usr/lib/python3/dist-packages/requests_toolbelt/init.py", line 12, in ", " from .adapters import 
SSLAdapter, SourceAddressAdapter", " File "/usr/lib/python3/dist-packages/requests_toolbelt/adapters/init.py", line 12, in ", " from .ssl import SSLAdapter", " File "/usr/lib/python3/dist-packages/requests_toolbelt/adapters/ssl.py", line 16, in ", " from .._compat import poolmanager", " File "/usr/lib/python3/dist-packages/requests_toolbelt/_compat.py", line 51, in ", " from urllib3.contrib import appengine as gaecontrib", "ImportError: cannot import name 'appengine' from 'urllib3.contrib' (/usr/local/lib/python3.8/dist-packages/urllib3/contrib/init.py)"], "stdout": "", "stdout_lines": []}

Can't install lemmy with ansible - Playbook issue with docker-compose

I followed the instructions in this git repo, but ansible throws an error.

After executing the following command:

ansible-playbook -i inventory/hosts lemmy.yml

the following error is shown:

ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.

The error appears to have been in '/home/maxmoon/git_repos/lemmy-ansible/lemmy.yml': line 118, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  - name: start docker-compose
    ^ here

The task on line 118 only shows the following:

  - name: start docker-compose
    docker_compose:
      project_src: '{{lemmy_base_dir}}/{{domain}}'
      state: present
      pull: yes
      remove_orphans: yes

I can't figure out what the problem is, but could it be a problem that I use keys for ssh (instead of passwords) and don't use the default ssh port?

Thank you for your help in advance.

Add PICTRS__API_KEY

Necessary to make admin purge of images work. Needs to be set as pictrs env var in docker-compose.yml, and in lemmy config.

Btw. this also needs to be added to instructions for manual installation.

502 Bad Gateway deploying to hetzner

Hi folks, I am new to Lemmy/Ansible and was hoping to host my own instance.

I tried following the guide in the readme and ran into some trouble.

I pointed my A record to a new hetzner VPS, copied the example files locally, changed the hosts file to instead have my domain and ssh user and ran the playbook.

The playbook completed successfully. Next, I tried going to my domain and get a 502 Bad Gateway nginx error page.

Similar if I go to the ip address of my server, I see the default "Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required."

Is there a step I missed? Are there some other required changes to the config files besides the host variables? Can I pull logs somehow? Thank you for your help

Trouble Installing, website only displays "Welcome to nginx"

I am doing this on a clean Ubuntu VPS install for the 20th time, I have not had any luck.
I am doing this on a Ubuntu install within Windows.
I have also tried setting the VPS to Debian and CentOS with the same errors.
I have also tried installing this from Linux Mint and MX Linux
I created a DNS A record from my domain (big.com.ge) to my server ip (198.252.108.135)

I followed all the steps:
Ran: git clone https://github.com/LemmyNet/lemmy-ansible.git
Made a directory for my config, copied the config file and configured it
Copied the hosts file and configured it.
Ran the playbook "ansible-playbook -i inventory/hosts lemmy.yml"

My website only displays "Welcome to nginx!"

This was my server log:

PLAY [all] *********************************************************************************************************************

TASK [check lemmy_base_dir] ****************************************************************************************************
skipping: [[email protected]]

TASK [install python for Ansible] **********************************************************************************************
changed: [[email protected]]

TASK [setup] *******************************************************************************************************************
ok: [[email protected]]

TASK [install dependencies] ****************************************************************************************************
changed: [[email protected]]

TASK [request initial letsencrypt certificate] *********************************************************************************
changed: [[email protected]]

TASK [create lemmy folder] *****************************************************************************************************
changed: [[email protected]] => (item={'path': '/srv/lemmy/big.com.ge/', 'owner': 'root'})
changed: [[email protected]] => (item={'path': '/srv/lemmy/big.com.ge/volumes/', 'owner': 'root'})
changed: [[email protected]] => (item={'path': '/srv/lemmy/big.com.ge/volumes/pictrs/', 'owner': '991'})

TASK [set_fact] ****************************************************************************************************************
ok: [[email protected]]

TASK [add template files] ******************************************************************************************************
changed: [[email protected]] => (item={'src': 'templates/docker-compose.yml', 'dest': '/srv/lemmy/big.com.ge/docker-compose.yml', 'mode': '0600'})
changed: [[email protected]] => (item={'src': 'templates/nginx.conf', 'dest': '/etc/nginx/sites-enabled/big.com.ge.conf', 'mode': '0644'})

TASK [add the config.hjson] ****************************************************************************************************
changed: [[email protected]]

TASK [enable and start docker service] *****************************************************************************************
ok: [[email protected]]

TASK [start docker-compose] ****************************************************************************************************
changed: [[email protected]]

TASK [reload nginx with new config] ********************************************************************************************
changed: [[email protected]]

TASK [certbot renewal cronjob] *************************************************************************************************
changed: [[email protected]]

PLAY RECAP *********************************************************************************************************************
[email protected]            : ok=12   changed=9    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

This is my hosts file:

[email protected]  domain=big.com.ge  [email protected] lemmy_base_dir=/srv/lemmy

[all:vars]
ansible_connection=ssh

This is my config file:


 {
  # settings related to the postgresql database
  database: {
    # Username to connect to postgres
    user: "lemmy"
    # Password to connect to postgres
    password: "(REMOVED)"
    # Host where postgres is running
    host: "postgres"
    # Port where postgres can be accessed
    port: 5432
    # Name of the postgres database for lemmy
    database: "lemmy"
    # Maximum number of active sql connections
    pool_size: 5
  }
  # rate limits for various user actions, by user ip
  rate_limit: {
    # Maximum number of messages created in interval
    message: 180
    # Interval length for message limit, in seconds
    message_per_second: 60
    # Maximum number of posts created in interval
    post: 6
    # Interval length for post limit, in seconds
    post_per_second: 600
    # Maximum number of registrations in interval
    register: 3
    # Interval length for registration limit, in seconds
    register_per_second: 3600
    # Maximum number of image uploads in interval
    image: 6
    # Interval length for image uploads, in seconds
    image_per_second: 3600
  }
  # Settings related to activitypub federation
  # federation: {
    # Whether to enable activitypub federation.
    enabled: false
    # Allows and blocks are described here:
    # https://join-lemmy.org/docs/en/federation/administration.html///instance-allowlist-and-blocklist
    #
    # list of instances with which federation is allowed
    # allowed_instances: [
    #  instance1.tld
    #  instance2.tld
    #  /* ... */
    #]
    # Instances which we never federate anything with (but previously federated objects are unaffected)
    #blocked_instances: [
    #  string
    #  /* ... */
    #]
    # If true, only federate with instances on the allowlist and block everything else. If false
    # use allowlist only for remote communities, and posts/comments in local communities
    # (meaning remote communities will show content from arbitrary instances).
    # strict_allowlist: true
  #}
  captcha: {    enabled: false
    # Can be easy, medium, or hard
    difficulty: "medium"
  }
  # Email sending configuration. All options except login/password are mandatory
  email: {
    # Hostname and port of the smtp server
    smtp_server: "localhost:25"
    # Login name for smtp server
    smtp_login: "admin"
    # Password to login to the smtp server
    smtp_password: "REMOVED"
    # Address to send emails from, eg [email protected]
    smtp_from_address: "[email protected]"
    # Whether or not smtp connections should use tls
    use_tls: true
  }
  # Parameters for automatic configuration of new instance (only used at first start)
  setup: {
    # Username for the admin user
    admin_username: "admin"
    # Password for the admin user
    admin_password: "REMOVED"
    # Name of the site (can be changed later)
    site_name: "My Lemmy Instance"
    # Email for the admin user (optional, can be omitted and set later through the website)
    #admin_email: "string"
    #sidebar: "string"
    #description: "string"
    #icon: "string"
    #banner: "string"
    #enable_downvotes: true
    #open_registration: true
    #enable_nsfw: true
    #community_creation_admin_only: true
  }
  # the domain name of your instance (mandatory)
  hostname: "big.com.ge"
  # Address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # Port where lemmy should listen for incoming requests
  port: 8536
  # Whether the site is available over TLS. Needs to be true for federation to work.
  tls_enabled: true
  # Address where pictrs is available (for image hosting)
  pictrs_url: "http:#localhost:8080"
  slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)"
  # Maximum length of local community and user names
  actor_name_max_length: 20
}

Version tagging?

Would it be possible to have version tagging in this repository too? It would make it substantially easier to manage upgrades, especially if lagging a few versions behind.

Unable to update to 0.18.0

Hello,

I tried updating using the ansible script. I synced the repo and ran the command ansible-playbook -i inventory/hosts lemmy.yml --become -K, after that I entered my passwords. Everything ran fine until

@arcolinux ➜ lemmy-ansible git:(main) ansible-playbook -i inventory/hosts lemmy.yml --become -K
BECOME password:

PLAY [all] ********************************************************************************************************************************************************************************************************

TASK [check lemmy_base_dir] ***************************************************************************************************************************************************************************************
skipping: [server]

TASK [install python for Ansible] *********************************************************************************************************************************************************************************
changed: [server]

TASK [setup] ******************************************************************************************************************************************************************************************************
ok: [server]

TASK [Install aptitude] *******************************************************************************************************************************************************************************************
ok: [server]

TASK [install dependencies] ***************************************************************************************************************************************************************************************
ok: [server]

TASK [Add Docker GPG apt Key] *************************************************************************************************************************************************************************************
ok: [server]

TASK [Add Docker Repository] **************************************************************************************************************************************************************************************
ok: [server]

TASK [Update apt and install docker-ce] ***************************************************************************************************************************************************************************
ok: [server]

TASK [Install Docker Module and docker-compose for Python] ********************************************************************************************************************************************************
ok: [server]

TASK [copy docker config] *****************************************************************************************************************************************************************************************
ok: [server]

TASK [request initial letsencrypt certificate] ********************************************************************************************************************************************************************
ok: [server]

TASK [create lemmy folder] ****************************************************************************************************************************************************************************************
ok: [server] => (item={'path': '/home/server/lemmy/domain/', 'owner': 'root'})
ok: [server] => (item={'path': '/home/server/lemmy/domain/volumes/', 'owner': 'root'})
ok: [server] => (item={'path': '/home/server/lemmy/domain/volumes/pictrs/', 'owner': '991'})

TASK [set_fact] ***************************************************************************************************************************************************************************************************
ok: [server]

TASK [add template files] *****************************************************************************************************************************************************************************************
changed: [server] => (item={'src': 'templates/docker-compose.yml', 'dest': '/home/server/lemmy/domain/docker-compose.yml', 'mode': '0600'})
ok: [server] => (item={'src': 'templates/nginx_internal.conf', 'dest': '/home/server/lemmy/domain/nginx_internal.conf', 'mode': '0644'})
changed: [server] => (item={'src': 'templates/nginx.conf', 'dest': '/etc/nginx/sites-available/domain.conf', 'mode': '0644'})

TASK [gather stats on site enabled config] ************************************************************************************************************************************************************************
ok: [server]

TASK [remove if regular file (legacy) instead of symlink] *********************************************************************************************************************************************************
skipping: [server]

TASK [enable nginx site] ******************************************************************************************************************************************************************************************
ok: [server]

TASK [add the config.hjson] ***************************************************************************************************************************************************************************************
ok: [server]

TASK [add the customPostgresql.conf] ******************************************************************************************************************************************************************************
ok: [server]

TASK [enable and start docker service] ****************************************************************************************************************************************************************************
ok: [server]

TASK [start docker-compose] ***************************************************************************************************************************************************************************************
fatal: [server]: FAILED! => {"changed": false, "errors": [], "module_stderr": "", "module_stdout": "", "msg": "Error: pull failed with 404 Client Error for http+docker://localhost/v1.43/images/create?tag=0.18.0&fromImage=dessalines%2Flemmy: Not Found (\"manifest for dessalines/lemmy:0.18.0 not found: manifest unknown: manifest unknown\")"}

PLAY RECAP ********************************************************************************************************************************************************************************************************
server           : ok=18   changed=2    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0

I have redacted some things for privacy like my domain name.

TASK [start docker-compose] : Unable to load docker-compose

Hello,

On a fresh Lemmy install on Ubuntu Server 22.04 (arm64 for Raspberry Pi and x64), I got this error (each time):

TASK [start docker-compose] ************************************************************************************************************************************************************
fatal: [user@IP_ADDRESS]: FAILED! => {"changed": false, "msg": "Unable to load docker-compose. Try `pip install docker-compose`. Error: Traceback (most recent call last):\n  File \"/tmp/ansible_docker_compose_payload_ixgojrhn/ansible_docker_compose_payload.zip/ansible_collections/community/docker/plugins/modules/docker_compose.py\", line 506, in <module>\nModuleNotFoundError: No module named 'compose'\n"}

For information, I also got this warning:

 TASK [Add Docker GPG apt Key] ******************************************************************************************************************
[WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as
another user. To avoid this, create the remote_tmp dir with the correct permissions manually
changed: [user@IP_ADDRESS]

Any idea how to run this playbook without error?
Thanks :)

Error on the Task - Add Docker GPG apt Key

TASK [Add Docker GPG apt Key] ***************************************************************

fatal: [admin@<IP>]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key add -", "msg": "Unable to add a key from binary data", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory\ngpg: can't connect to the agent: No such file or directory\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory", "gpg: can't connect to the agent: No such file or directory"], "stdout": "", "stdout_lines": []}

Ansible installation: error using --ask-become-pass

Hi, when using:

ansible-playbook -i inventory/hosts lemmy.yml --ask-become-pass

I get an error (the typical error on Debian when a user without privileges tries to do an apt update):

TASK [install python for Ansible] ****************************************************************************************************
fatal: [[email protected]]: FAILED! => {"changed": true, "msg": "non-zero return code", "rc": 100, "stderr": "Shared connection to collapse.cat closed.\r\n", "stderr_lines": ["Shared connection to collapse.cat closed."], "stdout": "\rS'està llegint la llista de paquets… 0%\r\rS'està llegint la llista de paquets… 100%\r\rS'està llegint la llista de paquets… Fet \r\r\n\u001b[1;31mE: \u001b[0mNo s'ha pogut obrir el fitxer de blocat /var/lib/apt/lists/lock - open (13: S’ha denegat el permís)\u001b[0m\r\n\u001b[1;31mE: \u001b[0mNo es pot blocar el directori /var/lib/apt/lists/\u001b[0m\r\n\u001b[1;33mW: \u001b[0mHi ha hagut un problema en desenllaçar el fitxer /var/cache/apt/pkgcache.bin - RemoveCaches (13: S’ha denegat el permís)\u001b[0m\r\n\u001b[1;33mW: \u001b[0mHi ha hagut un problema en desenllaçar el fitxer /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: S’ha denegat el permís)\u001b[0m\r\n", "stdout_lines": ["", "S'està llegint la llista de paquets… 0%", "", "S'està llegint la llista de paquets… 100%", "", "S'està llegint la llista de paquets… Fet ", "", "\u001b[1;31mE: \u001b[0mNo s'ha pogut obrir el fitxer de blocat /var/lib/apt/lists/lock - open (13: S’ha denegat el permís)\u001b[0m", "\u001b[1;31mE: \u001b[0mNo es pot blocar el directori /var/lib/apt/lists/\u001b[0m", "\u001b[1;33mW: \u001b[0mHi ha hagut un problema en desenllaçar el fitxer /var/cache/apt/pkgcache.bin - RemoveCaches (13: S’ha denegat el permís)\u001b[0m", "\u001b[1;33mW: \u001b[0mHi ha hagut un problema en desenllaçar el fitxer /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: S’ha denegat el permís)\u001b[0m"]}

But the error is gone when using:

ansible-playbook -i inventory/hosts lemmy.yml --become -K
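
The failure reports above all use Ansible's `fatal: [host]: FAILED! => {json}` line format, so they can be triaged mechanically. The script below is an added example, not part of the issue reports or the lemmy-ansible project; the cause labels are this example's own reading of the quoted errors, and the sample log is constructed from shortened copies of them (the host `user@host.example` is a placeholder).

```python
import json
import re

# Signatures come from the error text quoted in the reports above; the cause
# wording is this example's own reading of each message (an assumption).
SIGNATURES = [
    (re.compile(r"manifest unknown"), "image tag not found in registry"),
    (re.compile(r"No module named 'compose'"), "docker-compose Python module missing on target"),
    (re.compile(r"failed to start agent '/usr/bin/gpg-agent'"), "gpg-agent binary not found on target"),
    # errno 13 on the apt lock is locale-independent, unlike the translated text.
    (re.compile(r"/var/lib/apt/lists/lock - open \(13"), "apt ran without root privileges"),
]
FATAL = re.compile(r"^fatal: \[(?P<host>.+?)\]: FAILED! => (?P<json>\{.*\})$")
TASK = re.compile(r"^TASK \[(?P<name>.+?)\] \*+$")

def triage(log_text):
    """Return one dict per failed task: task name, host and probable cause."""
    findings, task = [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := TASK.match(line):
            task = m.group("name")
        elif m := FATAL.match(line):
            result = json.loads(m.group("json"))
            # Ansible may put the error text in msg, stderr or stdout.
            text = "\n".join(str(result.get(k, "")) for k in ("msg", "stderr", "stdout"))
            cause = next((why for rx, why in SIGNATURES if rx.search(text)), "unclassified")
            findings.append({"task": task, "host": m.group("host"), "cause": cause})
    return findings

# Constructed sample: shortened copies of the four failures quoted above.
SAMPLE = r'''
TASK [start docker-compose] ********
fatal: [server]: FAILED! => {"changed": false, "msg": "Error: pull failed with 404 Client Error (\"manifest for dessalines/lemmy:0.18.0 not found: manifest unknown: manifest unknown\")"}
TASK [start docker-compose] ********
fatal: [user@IP_ADDRESS]: FAILED! => {"changed": false, "msg": "Unable to load docker-compose. Error: ModuleNotFoundError: No module named 'compose'\n"}
TASK [Add Docker GPG apt Key] ********
fatal: [admin@<IP>]: FAILED! => {"changed": false, "msg": "Unable to add a key from binary data", "rc": 2, "stderr": "gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory\n"}
TASK [install python for Ansible] ********
fatal: [user@host.example]: FAILED! => {"changed": true, "msg": "non-zero return code", "rc": 100, "stdout": "\u001b[1;31mE: \u001b[0mNo s'ha pogut obrir el fitxer de blocat /var/lib/apt/lists/lock - open (13: S'ha denegat el perm\u00eds)\u001b[0m\r\n"}
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Matching on the errno and path rather than the message text keeps the privilege check working when the target's locale is not English, as in the Catalan output above.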
