I wrote the following article about the ChatOps solution Mattermost on November 26, 2017 for my own Blog “gestreift.net”. As Mattermost has been available in the Univention App Center for a few months now, Univention had the idea to publish this article here for your information, too.
And here we go:
It’s just over a year now since I first wrote about the popularity of Slacking und WhatsApping and explained how to install Rocket.Chat. For a number of reasons, I stumbled across Mattermost a while ago and the time has come to pen a few lines on the how and the why…
Chatting and instant messaging is really old hat in the IT industry – CompuServe was offering it as far back as 1980 in the form of the CB simulator [1]. Slowly but surely, however, the chat medium is now beginning to revolutionize the world of IT. In recent years, the old IRCs and XMPPs have evolved into solutions such as Slack, Stride from Atlassian or Microsoft Teams. In private use, WhatsApp, Google Hangouts, or iMessage from Apple have already been a well-established feature for a long time. And, of course, there’s still the good old SMS…
Everyone is nowhere…
Personally, I boycott WhatsApp, and I know that some – I would like to have written “many” at this point, but that would unfortunately be exaggerating – others do the same. Hangouts and iMessage are favorites among Android and iPhone users. I really had to search to find the SMS app on my cell phone. If I can no longer find all my contacts in the same place, I can run a chat under my own control and invite everyone I would like to communicate with. At the same time, this allows me to avoid enriching others’ clouds with my data.
I identified three chat servers in the Open Source world that are worth taking a look at: In addition to Rocket.Chat, these are riot.im and, of course, Mattermost. I have already tested all three. However, in the categories of “Simple installation”, “Ease of integrating others in my chats”, and “Daily operation”, Mattermost is far and away the clear winner for me.
Installing Mattermost
I already described how I effectively launched a cost-effective server based on Univention products on the Internet last year in „Kopano to go, please!“ …. The basic setup can be taken from that article, and then we proceed as follows: The latest browsers may not support Mattermost if the server’s certificate is not valid (i.e., self-signed or expired). Anyone who does not have their own certificate should therefore begin by installing the Let’s Encrypt app, which can be found in the Univention App Center (System & Domain Settings -> Software -> App Center).
The Mattermost app can usually also be found in the same place. This app can also be installed with a few simple clicks of the mouse, even though it is considerably more extensive and the setup takes a few moments longer. During the installation, we are prompted to enter and confirm a few settings. With the exception of the password, all of them can be subsequently adjusted if necessary and should – unless you know exactly what you’re doing – simply be left as they are. Following the installation, Mattermost can be reached at https://<server>:8234 (or insecurely at http://<server>:8123).
Another setting will become relevant later: Mattermost needs to be capable of sending e-mails. As the server service runs in a Docker instance, it communicates in the subnetwork 172.16.0.0/12. For simplicity’s sake, I permitted the sending of external e-mails for the local network by expanding the mynetworks settings in /etc/postfix/main.cf as follows:
mynetworks = 127.0.0.0/8 172.16.0.0/12
‘service postfix restart’ restarts the mail server, which should now accept e-mails from Mattermost.
Configuring Mattermost
Following the first login, the Mattermost interface is displayed as shown in the screenshot above. The three horizontal lines next to the user name “administrator” open the menu containing the System Console. As the standard settings for the mail server did not suit my requirements, I recommend starting by checking the rights under Notifications -> Email. Once the setting described above had been amended in Postfix, the following values worked very well for me:
SMTP Server: IP aus „ifconfig docker0“ SMTP Server Port: 25 Enable SMTP Authentication: false Connection Security: None
As all the communication is internal, I regard this option as comparatively secure. I then changed the “Notification From Address” to an existing address and enabled the iOS/Android apps with TPNS under “Mobile Push” in the menu under Email. This is the only way to ensure push messages arrive there. It is not advisable to enable “send full message snippet” here, as the messages would then be sent directly and unencrypted via a central server at Mattermost.
The language can be changed to German, for example, under GENERAL -> Localization. After saving the changes, you can exit the System Console again by clicking on Menu -> Switch to Univention.
Inviting users
Unless you are using a commercial version of Mattermost, it is not possible to access the Univention LDAP. As such, users need to be created – or perhaps it’s better to say ‘invited’ in this case – manually. To do so, select Send Email Invite in the menu and enter the information for the user you wish to create/invite. The person will then receive an e-mail with a link. Important note: The link only invites you to create a new account if you are not already registered.
As I do not want to chat as the administrator, I invited myself first and set myself up a personal account. In the System Console, I then promoted my user to the role of System Admin under Users. Consequently, I no longer require the “administrator” user any more. Under GENERAL -> User and Teams in the System Console, the first two options determine whether all users are permitted to create teams and invite new users. It’s important to consider and take a decision on this at least once 😉
Using Mattermost
When in use, the standard Mattermost interface is as shown in the screenshot above. On the far left there is a list of the various teams in which the user is a member. Per team there are “public channels”, which every member of the team can join, and “private channels”, which can only be joined by invitation. Direct messages can be sent to individual members or entire groups. Hovering a mouse over a message displays the options available for the same message on the right. For example, you can decide to delete, edit, or highlight a message as well as opening a thread to impart structure to the whole system. I will presumably write another post dedicated specifically to my day-to-day experiences with Mattermost.
There is one last thing that I would like to mention in this piece:
I am currently working with three Mattermost servers. Unfortunately, the Android app [2] only supports one server. One possible workaround is to additionally install the beta app [3]. However, in my experience, the notifications via e-mail are perfectly sufficient. They include a link which opens a very usable Mattermost interface in mobile Chrome. On my desktop computer, I work with the Mattermost app for Linux [4]. This is also available for macOS and Windows, and it works well with all my servers.
Further information
Of course, it is also possible to use Mattermost without Univention. There is a Docker container and in addition to packages for OpenSUSE, SLES, Debian, and Ubuntu available at [5]. It is also possible to request a free one-month test license for a commercial version at [6]. Any version of Mattermost without a valid license key is automatically a community version in which everything can be used as described in this article.
Test Mattermost now via the Univention App Center
References:
[1] https://en.wikipedia.org/wiki/CB_Simulator
[2] https://play.google.com/store/apps/details?id=com.mattermost.rn
[3] https://play.google.com/store/apps/details?id=com.mattermost.rnbeta
[4] https://about.mattermost.com/download/#mattermostApps
[5] https://about.mattermost.com/download/
[6] https://kopano.com/request-mattermost-trial/
Comments
Chris r
The problem with Univention’s Mattermost implementation is that you cannot access the CLI tool, and if your admin leaves any team for any reason, you will lose your admin account with no easy way to restore it. Just.For.Leaving.A.Team. Also the websockets constantly cause 500 errors and wont connect correctly. Searched for many days for ansers but none of the ones online work for me.
Irina Feller
Hi Chris,
When logged into the shell of your UCS system you can simply enter the app by calling `univention-app shell mattermost`, once you have run his command you also interact with Mattermost with the Mattermost cli tool. For convenience the app integrates a small wrapper command called “mattermost-platform” that takes case of executing in the right directory and with the right configuration file.
Example:
$ univention-app shell mattermost
root@matte-37895575:/# mattermost-platform version
{"level":"info","ts":1540376863.7478015,"caller":"utils/i18n.go:78","msg":"Loaded system translations for 'en' from '/opt/mattermost/i18n/en.json'"}
{"level":"info","ts":1540376863.7480235,"caller":"app/app.go:204","msg":"Server is initializing..."}
{"level":"info","ts":1540376863.7527144,"caller":"sqlstore/supplier.go:209","msg":"Pinging SQL master database"}
{"level":"info","ts":1540376863.7549772,"caller":"sqlstore/channel_store_experimental.go:47","msg":"Enabling experimental public channels materialization"}
{"level":"info","ts":1540376863.8239052,"caller":"app/license.go:42","msg":"License key valid unlocking enterprise features."}
Version: 5.4.0
Build Number: 5.4.0
Build Date: Tue Oct 16 16:48:31 UTC 2018
Build Hash: d5b613cb1bbdaa856fa126e7102d94783b9e80b6
Build Enterprise Ready: true
DB Version: 5.4.0
When you already know what you want to execute then you can also chain these commands like the following:
$ univention-app shell mattermost mattermost-platform user password administrator new-password
I am unfortunately not able to reproduce the websocket errors you are mentioning and would like to encourage to open a topic for this on https://help.univention.com/ and supply some more logfiles and information about your environment so that this can be looked into.
Best regards
Irina
Chris r
Thank you – I can get to the cli now but still cannot use it to add admin rights back so I can continue to add users. I need the command to give admin rights to a user. I cant really find a way to do that in univention. There is no admin in mattermost as I accidently deleted a channel not knowing it would delete the admin rights from my account. It says Error: Unable to find user ‘Administrator”
Felix Bartels
Hi Chris,
deleting a channel actually should not delete the user with it (not in the Univention app, nor in other Mattermost installations). But you can easily give admin user permissions to an existing user, for this you only have to execute (while being in the container): `mattermost-platform roles system_admin my-new-admin-user` (and replace my-new-admin-user with the actual username).
For to be safe during upgrades I would recommend to recreate the admin user, this is possible with `mattermost-platform user create –email=”$email” –password=”$ADM_PASSWORD” –username=Administrator –system_admin` (just replace $mail and $ADM_PASSWORD) with the desired values