
feat(mattermost): standalone Docker stack + split provisioner pattern (misp-style) #193

Open
t0kubetsu wants to merge 2 commits into dev from feat/mattermost-docker-stack

@t0kubetsu

Contributor

Summary

  • Replaces the two-stage Dockerfile (golang:alpine builder + mattermost runtime) and static users.yml with the misp-standalone provisioner pattern: Alpine single-stage image; bash/curl/jq/openssl toolchain; provisioning scripts volume-mounted at runtime (not baked in); mattermost CLI no longer required
  • Splits provisioning into three focused scripts: provision.sh (orchestrator) → provision-users.sh (REST API user + team creation) → provision-tokens.sh (personal access token generation)
  • User set is now driven entirely by env vars (MM_TEAMS, MM_INSTRUCTOR_COUNT, MM_USERS_PER_TEAM) — no YAML file to maintain
  • Admin bootstrapped via REST: first user created on a fresh DB is auto-promoted to system_admin by Mattermost (EnableOpenServer + EnableAPICreateAccount)
  • Passwords auto-generated on first run, written to /tokens/mm-credentials.json; idempotency stamp at /tokens/.provisioned prevents re-run on restart
  • make keys target added to surface the full credentials JSON alongside the existing make tokens

Closes #143

Scope: 03_container_layer/docker/admin/mattermost/ only.

Changed files

| File | Change |
|---|---|
| Dockerfile | Two-stage golang+mattermost → Alpine single-stage provisioner |
| compose.yml | Provisioner: env_file + three :ro script mounts; removes mattermost-config volume |
| .env.example | Adds MM_TEAMS, MM_INSTRUCTOR_ORG, MM_INSTRUCTOR_COUNT, MM_USERS_PER_TEAM, MM_USER_DOMAIN |
| Makefile | Adds keys target |
| README.md | Documents env-driven user model and credential retrieval |
| provisioning/provision.sh | New: thin orchestrator entrypoint |
| provisioning/provision-users.sh | New: REST API user + team creation |
| provisioning/provision-tokens.sh | New: personal access token generation loop |
| provisioning/init.sh | Deleted |
| provisioning/users.yml | Deleted |

Test plan

  • make build-up builds provisioner image without errors
  • make logs-provisioner shows admin + users created, tokens written
  • make tokens prints username:token lines
  • make keys prints mm-credentials.json with all users
  • Re-running provisioner after stack restart exits with "Already provisioned"
  • make reprovision triggers a fresh provisioning run
  • Admin user has system_admin role in Mattermost UI
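
One way to implement the first-run behaviour the summary describes (auto-generated passwords written to mm-credentials.json, guarded by the .provisioned stamp), added here as an illustration and not taken from the PR's scripts. The comma-separated MM_TEAMS format, the `<team>-user<N>` naming and the JSON layout are assumptions, and the token directory is passed as an argument instead of hard-coding /tokens.

```shell
#!/bin/sh
# Added illustration (POSIX sh), not the PR's provision-users.sh.
# Assumptions: MM_TEAMS is comma-separated, usernames are <team>-user<N>,
# and the JSON layout below is hypothetical.

gen_password() {
  # 18 random bytes -> 24 base64 chars; URL-safe alphabet needs no JSON escaping
  head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# provision_once <token_dir>: prints "provisioned" or "Already provisioned"
provision_once() {
  dir=$1; stamp="$dir/.provisioned"; creds="$dir/mm-credentials.json"
  if [ -f "$stamp" ]; then echo "Already provisioned"; return 0; fi

  # Reject input that could break out of the JSON strings or trigger globbing
  case ${MM_TEAMS:-} in ''|*[!a-z0-9,-]*) echo "invalid MM_TEAMS" >&2; return 1 ;; esac
  case ${MM_USERS_PER_TEAM:-} in ''|*[!0-9]*) echo "invalid MM_USERS_PER_TEAM" >&2; return 1 ;; esac

  (  # subshell: umask and IFS changes do not leak to the caller
    umask 077                                  # stamp and temp file are owner-only
    tmp=$(mktemp "$dir/.creds.XXXXXX") || exit 1
    {
      printf '['; sep=''
      IFS=','
      for team in $MM_TEAMS; do
        [ -n "$team" ] || continue
        n=1
        while [ "$n" -le "$MM_USERS_PER_TEAM" ]; do
          printf '%s\n  {"username": "%s-user%d", "password": "%s"}' \
            "$sep" "$team" "$n" "$(gen_password)"
          sep=','; n=$((n + 1))
        done
      done
      printf '\n]\n'
    } > "$tmp" || { rm -f "$tmp"; exit 1; }
    # Atomic rename, then stamp last: a crash before this point leaves no stamp,
    # so the next start re-provisions instead of trusting a half-written file.
    mv "$tmp" "$creds" || { rm -f "$tmp"; exit 1; }
    : > "$stamp"
  ) || return 1
  echo "provisioned"
}

if [ "${1:-}" = "--demo" ]; then   # sh example.sh --demo
  demo=$(mktemp -d); MM_TEAMS=blue,red; MM_USERS_PER_TEAM=2
  provision_once "$demo"; provision_once "$demo"; cat "$demo/mm-credentials.json"
fi
```

Because the stamp is the only thing checked on restart, deleting it forces a new run that overwrites the credentials file with fresh passwords.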

…attern

Drop the two-stage Dockerfile (golang:alpine builder + mattermost runtime)
and static users.yml in favour of the misp-standalone provisioner pattern:

- Alpine single-stage image (bash/curl/jq/openssl); scripts volume-mounted
  at runtime rather than baked in; mattermost CLI no longer required
- provision.sh: thin orchestrator (provision-users → provision-tokens)
- provision-users.sh: REST API user creation driven by MM_TEAMS /
  MM_INSTRUCTOR_COUNT env vars; first user auto-promoted to system_admin
  by Mattermost (EnableOpenServer + EnableAPICreateAccount); auto-generated
  passwords; creates team and adds all members; writes
  /tokens/mm-credentials.json + idempotency stamp
- provision-tokens.sh: reads mm-credentials.json; generates a personal
  access token per user via /api/v4/users/{id}/tokens; writes tokens.txt
- .env.example: adds MM_TEAMS, MM_INSTRUCTOR_ORG, MM_INSTRUCTOR_COUNT,
  MM_USERS_PER_TEAM, MM_USER_DOMAIN; removes users.yml reference
- compose.yml: provisioner now uses env_file + three :ro script mounts;
  removes mattermost-config volume (CLI no longer needed)
- Makefile: adds keys target (mm-credentials.json)
- README: documents new env-driven user model and credential retrieval

Closes #143
@t0kubetsu

Contributor Author

Deployment prerequisite — cp .env.example .env on the deployer

Before running the scenario, the stack directory on the deployer's catalog copy must have a .env file. The compose.yml declares env_file: .env for the provisioner service; Docker Compose treats this as required by default and returns empty stdout if the file is missing, causing community.docker.docker_compose_v2 to fail with:

Error while parsing JSON output … Expecting value: line 1 column 1 (char 0)

Workaround (until resolved at the catalog level):

cd /path/to/range42-catalog/03_container_layer/docker/admin/mattermost
cp .env.example .env

All defaults in .env.example are suitable for lab use. Test plan is otherwise ✅ all green.

@hyde-repo hyde-repo self-requested a review June 18, 2026 06:52