pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Prefer --mount instead of -v for mounting volumes

Browse source 
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
This commit is contained in:
Slavi Pantaleev 2019-05-29 09:59:50 +03:00
parent 7d8dde8a53
commit 70487061f4
10 changed files with 36 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
docs/howto-server-delegation.md
View file

@ -89,10 +89,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/
If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:
```yaml
matrix_nginx_proxy_container_additional_volumes:
- src: /some/path/on/the/host
dst: /some/path/inside/the/container
options: ro
matrix_synapse_container_extra_arguments:
- "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
```
You then refer to them (for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key`) by using `/some/path/inside/the/container`.
@ -118,10 +116,8 @@ Make sure to reload/restart your webserver once in a while, so that newer certif
To do that, make sure the certificate files are mounted into the Synapse container:
```yaml
matrix_synapse_container_additional_volumes:
- src: /some/path/on/the/host
dst: /some/path/inside/the/container
options: ro
matrix_synapse_container_extra_arguments:
- "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
```
You can then tell Synapse to serve Federation traffic over TLS on `tcp/8448`:

11
roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
View file

@ -61,9 +61,6 @@
-l discord_bot
when: "not appservice_discord_registration_file.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml'
- name: Check if a matrix-appservice-discord invite_link file exists
stat:
path: "{{ matrix_appservice_discord_base_path }}/invite_link"
@ -82,12 +79,12 @@
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes|default([]) }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json }}
{{ ["/matrix-appservice-discord-registration.yaml"] }}

11
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
View file

@ -70,20 +70,17 @@
-l irc_bot
when: "not appservice_irc_registration_file.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml'
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes|default([]) }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json }}
{{ ["/matrix-appservice-irc-registration.yaml"] }}
- name: Ensure IRC configuration directory permissions are correct
file:

11
roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View file

@ -65,17 +65,14 @@
python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
when: "not mautrix_facebook_registration_file_stat.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes|default([]) }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_mautrix_facebook_base_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }}
{{ ["/matrix-mautrix-facebook-registration.yaml"] }}

11
roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View file

@ -76,20 +76,17 @@
python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
when: "not mautrix_telegram_registration_file_stat.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes|default([]) }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_mautrix_telegram_base_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json }}
{{ ["/matrix-mautrix-telegram-registration.yaml"] }}
- block:
- name: Fail if matrix-nginx-proxy role already executed

11
roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
View file

@ -65,17 +65,14 @@
/usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes|default([]) }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json }}
{{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}

7
roles/matrix-synapse/defaults/main.yml
View file

@ -170,6 +170,11 @@ matrix_synapse_federation_domain_whitelist: ~
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
#
# Note: internally, this uses the `-v` flag for mounting the specified volumes.
# It's better (safer) to use the `--mount` flag for mounting volumes.
# To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`.
# Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
matrix_synapse_container_additional_volumes: []
# A list of additional loggers to register in synapse.log.config.
@ -179,7 +184,7 @@ matrix_synapse_additional_loggers: []
# A list of appservice config files (in-container filesystem paths).
# This list gets populated dynamically based on Synapse extensions that have been enabled.
# You may wish to use this together with `matrix_synapse_container_additional_volumes`.
# You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
matrix_synapse_app_service_config_files: []
# This is set dynamically during execution depending on whether

2
roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
View file

@ -1,8 +1,6 @@
- set_fact:
matrix_synapse_password_providers_enabled: true
when: matrix_synapse_ext_password_provider_ldap_enabled|bool
- set_fact:
matrix_synapse_additional_loggers: >
{{ matrix_synapse_additional_loggers }}
+

8
roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
View file

@ -17,13 +17,11 @@
- set_fact:
matrix_synapse_password_providers_enabled: true
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }}
- set_fact:
matrix_synapse_additional_loggers: >
{{ matrix_synapse_additional_loggers }}
+

8
roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
View file

@ -17,13 +17,11 @@
- set_fact:
matrix_synapse_password_providers_enabled: true
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes }}
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
{{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }}
{{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }}
- set_fact:
matrix_synapse_additional_loggers: >
{{ matrix_synapse_additional_loggers }}
+