From 39566aa7fe17cd80dfb78f430bd27946a51a693b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 23 Apr 2019 10:06:42 +0300
Subject: [PATCH] Generate a Synapse signing key file, if missing The code used to check for a `homeserver.yaml` file and generate a configuration (+ key) only if such a configuration file didn't exist. Certain rare cases (setting up with one server name and then changing to another) lead to `homeserver.yaml` being there, but a `matrix.DOMAIN.signing.key` file missing (because the domain changed). A new signing key file would never get generated, because `homeserver.yaml`'s existence used to be (incorrectly) satisfactory for us. From now on, we don't mix things up like that. We don't care about `homeserver.yaml` anymore, but rather about the actual signing key. The rest of the configuration (`homeserver.yaml` and `matrix.DOMAIN.log.config`) is rebuilt by us in any case, so whether it exists or not is irrelevant and doesn't need checking.
---
.../matrix-synapse/tasks/setup_synapse_main.yml | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/roles/matrix-synapse/tasks/setup_synapse_main.yml b/roles/matrix-synapse/tasks/setup_synapse_main.yml
index 388e28ce..f1bb1430 100644
--- a/roles/matrix-synapse/tasks/setup_synapse_main.yml
+++ b/roles/matrix-synapse/tasks/setup_synapse_main.yml
@@ -22,17 +22,19 @@ docker_image: name: "{{ matrix_synapse_docker_image }}" -- name: Check if a Matrix Synapse configuration exists +- name: Check if a Synapse signing key exists stat: - path: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml" - register: matrix_synapse_config_stat + path: "{{ matrix_synapse_config_dir_path }}/{{ matrix_server_fqn_matrix }}.signing.key" + register: matrix_synapse_signing_key_stat -# We do this mostly so that the keys would get generated. -# We'll replace the rest of the configuration with our own templates below. +# We do this so that the signing key would get generated. +# +# This will also generate a default homeserver.yaml configuration file and a log configuration file. +# We don't care about those configuraiton files, as we replace them with our own anyway (see below). # # We don't use the `docker_container` module, because using it with `cap_drop` requires # a very recent version, which is not available for a lot of people yet. -- name: Generate initial Matrix config +- name: Generate initial Matrix config and signing key command: | docker run --rm @@ -45,7 +47,7 @@ -e SYNAPSE_REPORT_STATS=no {{ matrix_synapse_docker_image }} generate - when: "not matrix_synapse_config_stat.stat.exists" + when: "not matrix_synapse_signing_key_stat.stat.exists" - name: Ensure Matrix homeserver config installed template:
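Review bot: The new `when: "not matrix_synapse_signing_key_stat.stat.exists"` condition in the second hunk regenerates the key whenever the file is absent, which includes an accidental deletion or an incomplete restore and not only a first install or a domain change, and nothing in the task tells the operator that the homeserver's federation signing identity is being replaced. I would state that in the comment block above `Generate initial Matrix config and signing key`, for example `# NOTE: a missing signing key is regenerated silently; other homeservers will then see a new key for this server name, so restore the old key from backup first if one exists.` The ownership and mode that the `generate` container run leaves on the `.signing.key` file are not visible in these hunks; since this is a private key, it is worth confirming that only the Synapse user can read it. Minor: `configuraiton` in the added comment should read `configuration`.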