Mattermost

By Canonical IS DevOps

Channel        Revision  Published    Runs on
latest/stable  27        22 Nov 2023  Ubuntu 20.04
latest/edge    18        14 Jun 2021  Ubuntu 20.04

juju deploy mattermost-k8s

When visiting a fresh deployment, you will first be asked to create an admin account. Further accounts must be created using this admin account, or by setting up an external authentication source, such as SAML.

SAML Authentication

This charm supports configuring Ubuntu SSO as the authentication method. This requires the following:

  • a Mattermost Enterprise Edition licence to be obtained and activated
  • a SAML config for the Mattermost installation to be added to login.ubuntu.com
  • the SAML config will need to have a new certificate generated (refer to “Canonical RT#107985” when requesting this)
    • this is because the default certificate available via the SAML metadata URL has expired
  • the new certificate to be installed in the Mattermost database (see below)

Installing the SAML Identity Provider Certificate

Invoke psql against the mattermost database on the current primary and use the following query to install the certificate:

-- The certificate is dollar-quoted ($$ ... $$); paste the full PEM body in place of [...].
INSERT INTO configurationfiles (name, createat, updateat, data)
    VALUES ('saml-idp.crt', (extract(epoch from now()) * 1000)::bigint, (extract(epoch from now()) * 1000)::bigint, $$-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----$$);
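
Since the default certificate is noted above as expired, a replacement is worth checking before it goes into the database. The shell functions below are an added example, not part of the charm's documentation: they use the openssl CLI to reject an unparseable or soon-to-expire certificate, print its subject, expiry and SHA-256 fingerprint for out-of-band comparison, and emit the INSERT for psql. The function names, the 30-day default and the `$cert$` quote tag are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names); requires the openssl CLI.

# check_idp_cert FILE [MIN_DAYS]
# Returns 0 if FILE is a parseable PEM certificate that stays valid for at
# least MIN_DAYS more days (default 30, an assumed threshold); 1 otherwise.
check_idp_cert() {
    cert=$1
    min_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "not a PEM certificate: $cert" >&2; return 1; }
    # Show what is about to be trusted so it can be compared with the
    # fingerprint supplied by the identity provider's operators.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256 >&2
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires within $min_days days" >&2; return 1; }
}

# emit_idp_cert_sql FILE
# Prints the INSERT statement with the certificate dollar-quoted.
# The tag $cert$ cannot occur inside PEM text, so the quoting cannot be
# broken by the certificate body.
emit_idp_cert_sql() {
    cert=$1
    check_idp_cert "$cert" || return 1
    # Re-encode through openssl so only the PEM block itself is emitted,
    # without any surrounding text the file may contain.
    pem=$(openssl x509 -in "$cert") || return 1
    cat <<EOF
INSERT INTO configurationfiles (name, createat, updateat, data)
    VALUES ('saml-idp.crt',
            (extract(epoch from now()) * 1000)::bigint,
            (extract(epoch from now()) * 1000)::bigint,
            \$cert\$${pem}\$cert\$);
EOF
}
```

After sourcing the functions, the output of `emit_idp_cert_sql` can be piped to psql connected to the mattermost database on the current primary.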

Allowing All Users to Create Personal Access Tokens

Setting the “Enable Personal Access Tokens” option in the System Console’s “Integrations” panel does not give all users the ability to use them.

To give access to all new users, add this database trigger:

BEGIN;
CREATE OR REPLACE FUNCTION grant_system_user_access_token_role() RETURNS TRIGGER AS $$
  BEGIN
    IF position('system_user_access_token' in NEW.roles) = 0 THEN
      NEW.roles = NEW.roles || ' system_user_access_token';
    END IF;
    RETURN NEW;
  END;
$$
LANGUAGE PLPGSQL;

DROP TRIGGER IF EXISTS before_insert_system_user_grant_system_user_access_token ON users;
CREATE TRIGGER before_insert_system_user_grant_system_user_access_token
    BEFORE INSERT ON users
    FOR EACH ROW WHEN ( NEW.roles = 'system_user' )
    EXECUTE FUNCTION grant_system_user_access_token_role();
COMMIT;

And to update all existing users, run this query:

UPDATE users
    SET roles = 'system_user system_user_access_token'
    WHERE roles = 'system_user';