From ee2badf7a6558cded771f8769b1a714065ee7e3b Mon Sep 17 00:00:00 2001 From: Kolja Lampe Date: Mon, 5 Sep 2022 11:01:31 +0200 Subject: [PATCH 01/55] Correctly refer to the placeholder --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index 739f0869..a3e4bbeb 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -56,7 +56,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. From 5f9f891322effa21d81c468cdcde701b6ba8c72c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Sep 2022 20:04:21 +0300 Subject: [PATCH 02/55] Fix misleading comment Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2086 --- roles/matrix-conduit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-conduit/defaults/main.yml b/roles/matrix-conduit/defaults/main.yml index 48a1ed1b..366321b9 100644 --- a/roles/matrix-conduit/defaults/main.yml +++ b/roles/matrix-conduit/defaults/main.yml 
@@ -38,7 +38,7 @@ matrix_conduit_max_request_size: 20_000_000
 # Maximum number of open files for Conduit's embedded RocksDB database
 # See https://github.com/facebook/rocksdb/wiki/RocksDB-Tuning-Guide#tuning-other-options
-# If not specified, Conduit defaults to a relatively low value of 20
+# By default, Conduit uses a relatively low value of 20.
 matrix_conduit_rocksdb_max_open_files: 64
 # Enables registration. If set to false, no users can register on this server.
From 48a1ab0d22496580d9d7eb14a863cbd9f5ce37a9 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 6 Sep 2022 12:16:09 +0300
Subject: [PATCH 03/55] Upgrade Grafana (9.1.2 -> 9.1.3)
---
 roles/matrix-grafana/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml
index 0b57de77..dcd07bf5 100644
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -5,7 +5,7 @@ matrix_grafana_enabled: false
-matrix_grafana_version: 9.1.2
+matrix_grafana_version: 9.1.3
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
From 8b40ca8daaa61fdf60bb04f5ff201ee54e942c6d Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 6 Sep 2022 12:16:27 +0300
Subject: [PATCH 04/55] Upgrade ddclient (v3.9.1-ls97 -> v3.9.1-ls98)
---
 roles/matrix-dynamic-dns/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml
index 8354e1d9..8a5e7cdf 100644
--- a/roles/matrix-dynamic-dns/defaults/main.yml
+++ b/roles/matrix-dynamic-dns/defaults/main.yml
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
 # The dynamic dns daemon interval
 matrix_dynamic_dns_daemon_interval: '300'
-matrix_dynamic_dns_version: v3.9.1-ls97
+matrix_dynamic_dns_version: v3.9.1-ls98
 # The docker container to use when in mode
 matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"
From b92ff748e46e98c55f05aec46bb7047142810216 Mon Sep 17 00:00:00 2001
From: Aine
Date: Fri, 9 Sep 2022 10:47:00 +0300
Subject: [PATCH 05/55] Update Postmoogle 0.9.0 -> 0.9.1
---
 docs/configuring-dns.md | 33 ++++++++++++-------
 docs/configuring-playbook-bot-postmoogle.md | 3 ++
 group_vars/matrix_servers | 2 ++
 roles/matrix-bot-postmoogle/defaults/main.yml | 18 +++++++---
 roles/matrix-bot-postmoogle/templates/env.j2 | 5 ++-
 .../systemd/matrix-bot-postmoogle.service.j2 | 2 ++
 6 files changed, 46 insertions(+), 17 deletions(-)
diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md
index ca7c08b0..e03a8cb8 100644
--- a/docs/configuring-dns.md
+++ b/docs/configuring-dns.md
@@ -28,18 +28,22 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco ## DNS settings for optional services/features -| Type | Host | Priority | Weight | Port | Target | -| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| CNAME | `jitsi` | - | - | - | `matrix.` | -| CNAME | `stats` | - | - | - | `matrix.` | -| CNAME | `goneb` | - | - | - | `matrix.` | -| CNAME | `sygnal` | - | - | - | `matrix.` | -| CNAME | `ntfy` | - | - | - | `matrix.` | -| CNAME | `hydrogen` | - | - | - | `matrix.` | -| CNAME | `cinny` | - | - | - | `matrix.` | -| CNAME | `buscarron` | - | - | - | `matrix.` | +| Type | Host | Priority | Weight | Port | Target | +| ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | +| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| CNAME | `dimension` | - | - | - | `matrix.` | +| CNAME | `jitsi` | - | - | - | `matrix.` | +| CNAME | `stats` | - | - | - | `matrix.` | +| CNAME | `goneb` | - | - | - | `matrix.` | +| CNAME | `sygnal` | - | - | - | `matrix.` | +| CNAME | `ntfy` | - | - | - | `matrix.` | +| CNAME | `hydrogen` | - | - | - | `matrix.` | +| CNAME | `cinny` | - | - | - | `matrix.` | +| CNAME | `buscarron` | - | - | - | `matrix.` | +| MX | `matrix` | 10 | 0 | - | `matrix.` | +| TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | +| TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | +| TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | ## Subdomains setup 
@@ -77,3 +81,8 @@ This is an optional feature for the optionally-installed [ma1sd service](configu Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md). + +## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup + +To make the [postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge enable its email sending features, you need to configure +SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records diff --git a/docs/configuring-playbook-bot-postmoogle.md b/docs/configuring-playbook-bot-postmoogle.md index 70ac57b6..31566da9 100644 --- a/docs/configuring-playbook-bot-postmoogle.md +++ b/docs/configuring-playbook-bot-postmoogle.md @@ -35,6 +35,9 @@ matrix_bot_postmoogle_enabled: true matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT ``` +You will also need to add several DNS records so that postmoogle can send emails. +See [Configuring DNS](configuring-dns.md). + ## Installing diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 074e06e9..6f841168 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1791,6 +1791,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for diff --git a/roles/matrix-bot-postmoogle/defaults/main.yml b/roles/matrix-bot-postmoogle/defaults/main.yml index 10c4255b..718480e3 100644 --- a/roles/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/matrix-bot-postmoogle/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
-matrix_bot_postmoogle_version: v0.9.0
+matrix_bot_postmoogle_version: v0.9.1
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@@ -17,6 +17,7 @@ matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_
 matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
 matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
 matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
+matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
 # A list of extra arguments to pass to the container
 matrix_bot_postmoogle_container_extra_arguments: []
@@ -110,11 +111,20 @@ matrix_bot_postmoogle_noencryption: false
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
-# in-container port
-matrix_bot_postmoogle_port: '2525'
+# Mandatory TLS, even on plain SMTP port
+matrix_bot_postmoogle_tls_required: false
-# on-host port
+# in-container ports
+matrix_bot_postmoogle_port: '2525'
+matrix_bot_postmoogle_tls_port: '25587'
+
+# on-host ports
 matrix_bot_postmoogle_smtp_host_bind_port: '25'
+matrix_bot_postmoogle_smtps_host_bind_port: '587'
+
+# in-container SSL paths
+matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
+matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
 # Additional environment variables to pass to the postmoogle container
 #
diff --git a/roles/matrix-bot-postmoogle/templates/env.j2 b/roles/matrix-bot-postmoogle/templates/env.j2
index 7c0d10be..304e0dd8 100644
--- a/roles/matrix-bot-postmoogle/templates/env.j2
+++ b/roles/matrix-bot-postmoogle/templates/env.j2
@@ -10,7 +10,10 @@ POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
 POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
 POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
 POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
-POSTMOOGLE_USERS={{ matrix_bot_postmoogle_users | join(' ') }}
 POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
+POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }}
+POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
+POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
+POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
 {{ matrix_bot_postmoogle_environment_variables_extension }}
diff --git a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
index 38eb89a6..8250d20a 100644
--- a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2
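Review bot: Dropping `POSTMOOGLE_USERS` from the rendered env means an operator's `matrix_bot_postmoogle_users` allowlist is now silently ignored rather than rejected, and that list was the bot-side control over who may drive the mailboxes. If the variable is still declared in defaults/main.yml (not visible in these hunks), either remove it there as well or make validate_config.yml fail loudly when it is set, guarded by `when: matrix_bot_postmoogle_users | default([]) | length > 0`, with a message pointing operators at whatever 0.9.1 uses instead. I could not confirm from this diff how 0.9.1 restricts users, so the replacement should be named in docs/configuring-playbook-bot-postmoogle.md rather than assumed.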
+++ b/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 @@ -24,7 +24,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle --network={{ matrix_docker_network }} \ --env-file={{ matrix_bot_postmoogle_config_path }}/env \ -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \ + -p {{ matrix_bot_postmoogle_smtps_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \ --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \ + --mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \ {% for arg in matrix_bot_postmoogle_container_extra_arguments %} {{ arg }} \ {% endfor %} From 692a7af36afcb301d3e16fc9c2924681871cda2e Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 9 Sep 2022 13:19:25 +0300 Subject: [PATCH 06/55] postmoogle feedback --- docs/configuring-dns.md | 2 +- group_vars/matrix_servers | 3 ++ roles/matrix-bot-postmoogle/defaults/main.yml | 30 ++++++++++++++----- .../systemd/matrix-bot-postmoogle.service.j2 | 6 +++- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 2 +- .../tasks/ssl/setup_ssl_manually_managed.yml | 2 +- .../tasks/ssl/setup_ssl_self_signed.yml | 2 +- 7 files changed, 34 insertions(+), 13 deletions(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index e03a8cb8..05cb4b7a 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -84,5 +84,5 @@ When you're done with the DNS configuration and ready to proceed, continue with ## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup -To make the [postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge enable its email sending features, you need to configure +To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6f841168..2c14a917 100755 
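Review bot: The new `--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl` exposes the whole `matrix_ssl_config_dir_path` tree read-write, i.e. the private keys of every domain the playbook obtained certificates for, while the bot only reads `live/{{ matrix_bot_postmoogle_domain }}/` per the defaults in this patch. At minimum make it read-only: `--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl,ro \`; narrowing `src` to that one domain would be better still, though if the directory follows certbot's `live/` → `archive/` symlink layout the matching `archive/` entry has to be mounted too. Also worth checking (the container user is not visible in this hunk) that the unprivileged user the bot runs as can actually read `privkey.pem`, which certbot writes root-only by default. The ExecStart command continues past the end of the hunk.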
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1210,6 +1210,9 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
 # We don't enable bots by default.
 matrix_bot_postmoogle_enabled: false
+matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
+matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
+matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
 matrix_bot_postmoogle_systemd_required_services_list: |
 {{
diff --git a/roles/matrix-bot-postmoogle/defaults/main.yml b/roles/matrix-bot-postmoogle/defaults/main.yml
index 718480e3..6f7a96cc 100644
--- a/roles/matrix-bot-postmoogle/defaults/main.yml
+++ b/roles/matrix-bot-postmoogle/defaults/main.yml
@@ -17,7 +17,6 @@ matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_
 matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
 matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
 matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
-matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
 # A list of extra arguments to pass to the container
 matrix_bot_postmoogle_container_extra_arguments: []
@@ -111,20 +110,35 @@ matrix_bot_postmoogle_noencryption: false
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
-# Mandatory TLS, even on plain SMTP port
-matrix_bot_postmoogle_tls_required: false
-
 # in-container ports
 matrix_bot_postmoogle_port: '2525'
 matrix_bot_postmoogle_tls_port: '25587'
 # on-host ports
 matrix_bot_postmoogle_smtp_host_bind_port: '25'
-matrix_bot_postmoogle_smtps_host_bind_port: '587'
+matrix_bot_postmoogle_submission_host_bind_port: '587'
-# in-container SSL paths
-matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
-matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
+### SSL
+## on-host SSL dir
+matrix_bot_postmoogle_ssl_path: ""
+
+## in-container SSL paths
+# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
+matrix_bot_postmoogle_tls_cert: ""
+
+# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
+matrix_bot_postmoogle_tls_key: ""
+
+# Mandatory TLS, even on plain SMTP port
+matrix_bot_postmoogle_tls_required: false
 # Additional environment variables to pass to the postmoogle container
 #
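Review bot: `matrix_bot_postmoogle_tls_required: false` can be flipped to `true` while `matrix_bot_postmoogle_ssl_path`, `matrix_bot_postmoogle_tls_cert` and `matrix_bot_postmoogle_tls_key` stay at their new `""` defaults, and nothing in this role rejects that combination; what the bot then does with a mandatory-TLS flag and no certificate is not determinable from these hunks, and neither outcome (refusing all mail, or quietly serving plaintext) is what the operator asked for. Add an assertion to the role's validate_config.yml along the lines of `- ansible.builtin.assert: { that: "not matrix_bot_postmoogle_tls_required or (matrix_bot_postmoogle_tls_cert != '' and matrix_bot_postmoogle_tls_key != '')" }`. The comment on the default should also state the dependency: `# Mandatory TLS, even on plain SMTP port. Requires matrix_bot_postmoogle_ssl_path, matrix_bot_postmoogle_tls_cert and matrix_bot_postmoogle_tls_key to be set.`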
diff --git a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 index 8250d20a..fa45a3a4 100644 --- a/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 +++ b/roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 @@ -24,9 +24,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle --network={{ matrix_docker_network }} \ --env-file={{ matrix_bot_postmoogle_config_path }}/env \ -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \ - -p {{ matrix_bot_postmoogle_smtps_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \ + {% if matrix_bot_postmoogle_ssl_path %} + -p {{ matrix_bot_postmoogle_submission_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \ + {% endif %} --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \ + {% if matrix_bot_postmoogle_ssl_path %} --mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \ + {% endif %} {% for arg in matrix_bot_postmoogle_container_extra_arguments %} {{ arg }} \ {% endfor %} diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 0e5339a9..f2afe2ff 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -26,7 +26,7 @@ - name: Obtain Let's Encrypt certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name 
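Review bot: The `/ssl` bind mount now wrapped in `{% if matrix_bot_postmoogle_ssl_path %}` is still read-write, so a compromised bot process could overwrite the certificate store that the reverse proxy and every other TLS consumer on the host read from; it only needs to read, so make it `--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl,ro \`. The same guard does not cover the env file rendered outside this hunk, so an operator who blanks `matrix_bot_postmoogle_ssl_path` but leaves the group_vars cert/key paths gets `POSTMOOGLE_TLS_CERT`/`POSTMOOGLE_TLS_KEY` pointing at paths that no longer exist in the container; a validate_config check tying the three together would catch that. The ExecStart command continues past the end of the hunk.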
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml index f6fc5a81..769af323 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml @@ -2,7 +2,7 @@ - name: Verify certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'manually-managed'" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml index 3a7f1958..918b74db 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml @@ -5,7 +5,7 @@ - name: Generate self-signed certificates ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" - with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" + with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}" loop_control: loop_var: domain_name when: "matrix_ssl_retrieval_method == 'self-signed'" From 98b9e2cd848397acfdf1c5573385a2ff7462beb7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 14:36:53 +0300 Subject: [PATCH 07/55] Add "Component" column to optional-DNS-records table --- docs/configuring-dns.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 05cb4b7a..8b80613a 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -28,22 +28,22 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco ## DNS settings for optional services/features -| Type | Host | Priority | Weight | Port | Target | -| ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | -| CNAME | `dimension` | - | - | - | `matrix.` | -| CNAME | `jitsi` | - | - | - | `matrix.` | -| CNAME | `stats` | - | - | - | `matrix.` | -| CNAME | `goneb` | - | - | - | `matrix.` | -| CNAME | `sygnal` | - | - | - | `matrix.` | -| CNAME | `ntfy` | - | - | - | `matrix.` | -| CNAME | `hydrogen` | - | - | - | `matrix.` | -| CNAME | `cinny` | - | - | - | `matrix.` | -| CNAME | `buscarron` | - | - | - | `matrix.` | -| MX | `matrix` | 10 | 0 | - | `matrix.` | -| TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | -| TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | -| TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | +| Type | Host | Priority | Weight | Port | Target | Used by component | +| ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | ----------------------------------------------------------------------------------------------------------------------- | +| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | [ma1sd](configuring-playbook-ma1sd.md) identity server | +| CNAME | `dimension` | - | - | - | `matrix.` | [Dimension](configuring-playbook-dimension.md) integration server | +| CNAME | `jitsi` | - | - | - | `matrix.` | [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | +| CNAME | `stats` | - | - | - | `matrix.` | [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | +| CNAME | `goneb` | - | - | - | `matrix.` | [Go-NEB](configuring-playbook-bot-go-neb.md) bot | +| CNAME | `sygnal` | - | - | - | `matrix.` | [Sygnal](configuring-playbook-sygnal.md) push notification 
gateway | +| CNAME | `ntfy` | - | - | - | `matrix.` | [ntfy](configuring-playbook-ntfy.md) push notifications server | +| CNAME | `hydrogen` | - | - | - | `matrix.` | [Hydrogen](configuring-playbook-client-hydrogen.md) web client | +| CNAME | `cinny` | - | - | - | `matrix.` | [Cinny](configuring-playbook-client-cinny.md) web client | +| CNAME | `buscarron` | - | - | - | `matrix.` | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | +| MX | `matrix` | 10 | 0 | - | `matrix.` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | +| TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | +| TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | +| TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | ## Subdomains setup From 5825a0c9195b990b727d5c0d507671281f01da71 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 9 Sep 2022 13:37:52 +0200 Subject: [PATCH 08/55] Cactus comments (#2089) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add construct for cactus comments role * Adjust config files * Add docker self build to defaults * Adjust tasks * Fix smaller syntax errors * Fix env argument * Add tmp path to allow container writing there Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir * Change port back to 5000 as not configurable in container * Try to add appservice config file for synapse to use * Inject appservice file * Correct copied variable name * Comment out unused app service file injection would need mounting the appservice file to the synapse container i guess * Move role before synapse to be able to inject during runtime * Remove unused parts * Change default user id to mirror official docs * Add docs * Update roles/matrix-cactus-comments/tasks/setup_install.yml Co-authored-by: Slavi Pantaleev * Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 Co-authored-by: Slavi Pantaleev * Generate secrets if necessary, adjust docs * Rename cactusbot userid * Shorten salt strings Co-authored-by: Slavi Pantaleev * Use tmpfs instead of persistent mount * Remove proxy option as it is nonsense * Add download and serving of cc-client files * Add documentation on client * Clarify docs a bit * Add nginx proxy to required services Signed-off-by: Julian-Samuel Gebühr * Use container address Signed-off-by: Julian-Samuel Gebühr * Correct comment of user id Signed-off-by: Julian-Samuel Gebühr * Use releases or local distributed client Signed-off-by: Julian-Samuel Gebühr * Move homeserver url to defaults Signed-off-by: Julian-Samuel Gebühr * Correct truth value 
Signed-off-by: Julian-Samuel Gebühr * Add documentation of variables Co-authored-by: Slavi Pantaleev * Tabs vs. spaces Co-authored-by: Slavi Pantaleev * Make nginx root configurable Signed-off-by: Julian-Samuel Gebühr * Complete ake nginx root configurable Signed-off-by: Julian-Samuel Gebühr * Fix file permission Signed-off-by: Julian-Samuel Gebühr * Fix lint errors Signed-off-by: Julian-Samuel Gebühr Signed-off-by: Julian-Samuel Gebühr Co-authored-by: Slavi Pantaleev --- README.md | 2 + docs/configuring-playbook-cactus-comments.md | 63 ++++++++ docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + group_vars/matrix_servers | 29 ++++ .../matrix-cactus-comments/defaults/main.yml | 58 ++++++++ roles/matrix-cactus-comments/tasks/init.yml | 67 +++++++++ roles/matrix-cactus-comments/tasks/main.yml | 23 +++ .../tasks/setup_install.yml | 138 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 36 +++++ .../tasks/validate_config.yml | 10 ++ .../templates/cactus_appservice.yaml.j2 | 19 +++ roles/matrix-cactus-comments/templates/env.j2 | 6 + .../systemd/matrix-cactus-comments.service.j2 | 36 +++++ setup.yml | 1 + 15 files changed, 492 insertions(+) create mode 100644 docs/configuring-playbook-cactus-comments.md create mode 100644 roles/matrix-cactus-comments/defaults/main.yml create mode 100644 roles/matrix-cactus-comments/tasks/init.yml create mode 100644 roles/matrix-cactus-comments/tasks/main.yml create mode 100644 roles/matrix-cactus-comments/tasks/setup_install.yml create mode 100644 roles/matrix-cactus-comments/tasks/setup_uninstall.yml create mode 100644 roles/matrix-cactus-comments/tasks/validate_config.yml create mode 100644 roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 create mode 100644 roles/matrix-cactus-comments/templates/env.j2 create mode 100644 roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 diff --git a/README.md b/README.md index 221e8a85..e545d18f 100644 --- a/README.md +++ b/README.md 
@@ -137,6 +137,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation +- (optional) [Cactus Comments](https://cactus.chat), a federated comment system built on matrix - see [docs/configuring-playbook-cactus-comments.md](docs/configuring-playbook-cactus-comments.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md new file mode 100644 index 00000000..b62d33b2 --- /dev/null +++ b/docs/configuring-playbook-cactus-comments.md 
@@ -0,0 +1,63 @@ +# Setting up Cactus Comments (optional) + +The playbook can install and configure [Cactus Comments](https://cactus.chat) for you. + +Cactus Comments is a **federated comment system** built on Matrix. The role allows you to self-host the system. +It respects your privacy, and puts you in control. + +See the project's [documentation](https://cactus.chat/docs/getting-started/introduction/) to learn what it +does and why it might be useful to you. + + +## Configuration + +Add the following block to your `vars.yaml` and make sure to exchange the tokens to randomly generated values. + +```ỳaml +################# +## Cactus Chat ## +################# + +matrix_cactus_comments_enabled: true + +# To allow guest comments without users needing to log in, you need to have guest registration enabled. +# To do this you need to uncomment one of the following lines (depending if you are using synapse or dentrite as a homeserver) +# If you don't know which one you use: The default is synapse ;) +# matrix_synapse_allow_guest_access: true +# matrix_dentrite_allow_guest_access +``` + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To get started wit cactus comments message @bot.cactusbot:your-homeserver.com and type `help` to make sure it works. +Then register a site by typing: `register `. You will then be invited into a moderation room. +Now you are good to go and can include the comment section on your website! + +**Careful:** To really make use of self-hosting you need change a few things in comparison to the official docs! + +Insert the following snippet into you page and make sure to replace `example.com` with your base domain! + + +```html + + +
+ +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index b3b44b5f..b17f902f 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -179,3 +179,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) - [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) + +- [Setting up a Cactus Comments server](configuring-playbook-cactus-comments.md) - a federated comment system built on Matrix (optional) diff --git a/docs/container-images.md b/docs/container-images.md index b16babff..737a4457 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -117,3 +117,5 @@ These services are not part of our default installation, but can be enabled by [ - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix - [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server + +- [cactuscomments/cactus-appservice](https://hub.docker.com/r/cactuscomments/cactus-appservice/) - [Cactus Comments](https://cactus.chat) a federated comment system built on Matrix diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2c14a917..d96af363 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1332,6 +1332,35 @@ matrix_backup_borg_systemd_required_services_list: |
 # /matrix-backup-borg
 #
 ######################################################################
+######################################################################
+#
+# matrix-cactus-comments
+#
+######################################################################
+
+matrix_cactus_comments_enabled: false
+
+# Derive secret values from homeserver secret
+matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.as.token') | to_uuid }}"
+matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus.hs.token') | to_uuid }}"
+
+matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
+matrix_cactus_comments_systemd_required_services_list: |
+ {{
+ (['docker.service'])
+ +
+ (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+ +
+ (['matrix-' + matrix_homeserver_implementation + '.service'])
+ }}
+
+matrix_cactus_comments_client_nginx_path: {{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}
+
+######################################################################
+#
+# /matrix-cactus-comments
+#
+######################################################################
 ######################################################################
 #
diff --git a/roles/matrix-cactus-comments/defaults/main.yml b/roles/matrix-cactus-comments/defaults/main.yml
new file mode 100644
index 00000000..dbd5b844
--- /dev/null
+++ b/roles/matrix-cactus-comments/defaults/main.yml
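Review bot: `matrix_cactus_comments_client_nginx_path: {{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}` is unquoted, so YAML reads the leading `{{` as a flow mapping and errors on the quoted scalar followed by `if`, which stops the whole group_vars file from loading, not just this key. Quote it like every neighbouring templated value: `matrix_cactus_comments_client_nginx_path: "{{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}"`. On the token lines, the `password_hash('sha512', <fixed salt>) | to_uuid` chain does give two distinct deterministic values, but both appservice credentials are then bound to `matrix_homeserver_generic_secret_key`; a comment such as `# Both tokens are derived from matrix_homeserver_generic_secret_key; rotating that key rotates these too` would save an operator a surprise.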
@@ -0,0 +1,58 @@
+---
+# Cactus Comments is a federated comment system built on Matrix
+
+matrix_cactus_comments_enabled: true
+matrix_cactus_comments_serve_client_enabled: true
+matrix_cactus_comments_container_image_self_build: false
+matrix_cactus_comments_docker_repo: "https://gitlab.com/cactus-comments/cactus-appservice.git"
+matrix_cactus_comments_docker_repo_version: "{{ matrix_cactus_comments_version if matrix_cactus_comments_version != 'latest' else 'main' }}"
+matrix_cactus_comments_docker_src_files_path: "{{ matrix_cactus_comments_base_path }}/docker-src"
+
+
+matrix_cactus_comments_base_path: "{{ matrix_base_data_path }}/cactus-comments"
+matrix_cactus_comments_container_tmp_path: "{{ matrix_cactus_comments_base_path }}/tmp"
+matrix_cactus_comments_client_path: "{{ matrix_cactus_comments_base_path }}/client"
+matrix_cactus_comments_client_file_permissions: "0644"
+
+matrix_cactus_comments_app_service_config_file: "{{ matrix_cactus_comments_base_path }}/cactus_appservice.yaml"
+matrix_cactus_comments_app_service_env_file: "{{ matrix_cactus_comments_base_path }}/cactus.env"
+
+matrix_cactus_comments_as_token: ''
+matrix_cactus_comments_hs_token: ''
+matrix_cactus_comments_homeserver_url: "{{ matrix_homeserver_container_url }}"
+matrix_cactus_comments_user_id: "bot.cactusbot"
+matrix_cactus_comments_tmp_directory_size_mb: 1
+
+matrix_cactus_comments_container_port: 5000
+
+matrix_cactus_comments_version: latest
+matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}"
+matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}"
+
+# matrix_cactus_comments_client_version specifies the version of the cactus-client release to use.
+# For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases
+# Also see: `matrix_cactus_comments_client_local_dir`
+matrix_cactus_comments_client_version: "0.13.0"
+
+# matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use.
+# This is an alternative to `matrix_cactus_comments_client_version`, to be used when you'd like to
+# provide the files locally / manually.
+matrix_cactus_comments_client_local_dir: ''
+
+# matrix_cactus_comments_client_nginx_path specifies the path where nginx can access the client files.
+# The default value assumes a container setup. If you're running nginx without a container, consider adjusting this path
+matrix_cactus_comments_client_nginx_path: "/cactus-comments/"
+
+# matrix_cactus_comments_client_endpoint specifies where nginx will serve the files in nginx is enabled
+matrix_cactus_comments_client_endpoint: "/cactus-comments/"
+
+# List of systemd services that matrix-cactus-comments.service depends on
+matrix_bot_cactus_comments_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-cactus-comments.service wants
+matrix_bot_cactus_comments_systemd_wanted_services_list: []
+
+# A list of extra arguments to pass to the container
+matrix_cactus_comments_container_extra_arguments: []
+
+matrix_cactus_comments_environment_variables_extension: ''
diff --git a/roles/matrix-cactus-comments/tasks/init.yml b/roles/matrix-cactus-comments/tasks/init.yml
new file mode 100644
index 00000000..78cdd319
--- /dev/null
+++ b/roles/matrix-cactus-comments/tasks/init.yml
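Review bot: `matrix_cactus_comments_container_extra_arguments` is declared here with the comment "A list of extra arguments to pass to the container", but the matrix-cactus-comments.service.j2 template added in this commit never renders it, so anything a user puts in it is silently ignored; the template's `ExecStart` needs `{% for arg in matrix_cactus_comments_container_extra_arguments %}` / `{{ arg }} \` / `{% endfor %}` before the image line, or the variable should be dropped from the defaults. The comment on `matrix_cactus_comments_client_endpoint` reads `in nginx is enabled` where `if` is meant; suggest `# matrix_cactus_comments_client_endpoint specifies the URL path at which nginx serves the client files, if matrix-nginx-proxy is enabled`. `matrix_cactus_comments_version: latest` is a plain scalar while `matrix_cactus_comments_client_version: "0.13.0"` is quoted; quoting both keeps a future pin such as `1.10` from being read as a float.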
@@ -0,0 +1,67 @@
+---
+
+- ansible.builtin.set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-cactus-comments.service'] }}"
+ when: matrix_cactus_comments_enabled | bool
+
+# If the matrix-synapse role is not used, these variables may not exist.
+- ansible.builtin.set_fact:
+ matrix_homeserver_container_runtime_injected_arguments: >
+ {{
+ matrix_homeserver_container_runtime_injected_arguments | default([])
+ +
+ ["--mount type=bind,src={{ matrix_cactus_comments_app_service_config_file }},dst=/matrix-cactus-comments.yaml,ro"]
+ }}
+
+ matrix_homeserver_app_service_runtime_injected_config_files: >
+ {{
+ matrix_homeserver_app_service_runtime_injected_config_files | default([])
+ +
+ ["/matrix-cactus-comments.yaml"]
+ }}
+ when: matrix_cactus_comments_enabled | bool
+
+- block:
+ - name: Fail if matrix-nginx-proxy role already executed
+ ansible.builtin.fail:
+ msg: >-
+ Trying to append Cactus Comment's reverse-proxying configuration to matrix-nginx-proxy,
+ but it's pointless since the matrix-nginx-proxy role had already executed.
+ To fix this, please change the order of roles in your playbook,
+ so that the matrix-nginx-proxy role would run after the matrix-cactus-comments role.
+ when: matrix_nginx_proxy_role_executed | default(False) | bool
+
+ - name: Mount volume
+ ansible.builtin.set_fact:
+ matrix_nginx_proxy_container_additional_volumes: >
+ {{
+ matrix_nginx_proxy_container_additional_volumes | default([])
+ +
+ [{"src": "{{ matrix_cactus_comments_client_path }}", "dst": "/cactus-comments/cactus-comments", "options": "ro"}]
+ }}
+ - name: Generate Cactus Comment proxying configuration for matrix-nginx-proxy
+ ansible.builtin.set_fact:
+ matrix_cactus_comments_nginx_proxy_configuration: |
+ location {{ matrix_cactus_comments_client_endpoint }} {
+ root {{ matrix_cactus_comments_client_nginx_path }};
+ }
+ when: "matrix_nginx_proxy_enabled | default(False) | bool"
+ - name: Register Cactus Comment proxying configuration with matrix-nginx-proxy
+ ansible.builtin.set_fact:
+ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
+ {{
+ matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+ +
+ [matrix_cactus_comments_nginx_proxy_configuration]
+ }}
+ - name: Warn about reverse-proxying if matrix-nginx-proxy not used
+ ansible.builtin.debug:
+ msg: >-
+ NOTE: You've enabled Cactus Comments but are not using the matrix-nginx-proxy
+ reverse proxy.
+ Please make sure that you're proxying client files in {{ matrix_cactus_comments_client_path }} correctly
+ when: "not matrix_nginx_proxy_enabled | default(False) | bool"
+
+ tags:
+ - always
+ when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
diff --git a/roles/matrix-cactus-comments/tasks/main.yml b/roles/matrix-cactus-comments/tasks/main.yml
new file mode 100644
index 00000000..857e2db1
--- /dev/null
+++ b/roles/matrix-cactus-comments/tasks/main.yml
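Review bot: `Register Cactus Comment proxying configuration with matrix-nginx-proxy` runs unconditionally inside the block, but `matrix_cactus_comments_nginx_proxy_configuration` is only set by the preceding `Generate` task, which is gated on `when: "matrix_nginx_proxy_enabled | default(False) | bool"`; with the proxy disabled the register task references an undefined variable and the play will most likely fail before the `Warn about reverse-proxying` task is reached. `Mount volume` has the same gap: it appends a volume to `matrix_nginx_proxy_container_additional_volumes` whether or not the proxy is in use. Add the same `when: "matrix_nginx_proxy_enabled | default(False) | bool"` to both tasks, or move the three proxy tasks into a nested block carrying that condition.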
@@ -0,0 +1,23 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
+ tags:
+ - setup-all
+ - setup-cactus-comments
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
+ when: "run_setup | bool and matrix_cactus_comments_enabled | bool"
+ tags:
+ - setup-all
+ - setup-cactus-comments
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
+ when: "run_setup | bool and not matrix_cactus_comments_enabled | bool"
+ tags:
+ - setup-all
+ - setup-cactus-comments
diff --git a/roles/matrix-cactus-comments/tasks/setup_install.yml b/roles/matrix-cactus-comments/tasks/setup_install.yml
new file mode 100644
index 00000000..8e6bb68e
--- /dev/null
+++ b/roles/matrix-cactus-comments/tasks/setup_install.yml
@@ -0,0 +1,138 @@
+---
+
+- name: Ensure cactus comments paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_cactus_comments_base_path }}", when: true}
+ - {path: "{{ matrix_cactus_comments_client_path }}", when: true}
+ - {path: "{{ matrix_cactus_comments_container_tmp_path }}", when: true}
+ - {path: "{{ matrix_cactus_comments_docker_src_files_path }}", when: matrix_cactus_comments_container_image_self_build}
+ when: "item.when | bool"
+
+- name: Ensure cactus comments environment file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_cactus_comments_app_service_env_file }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure cactus comments appservice file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/cactus_appservice.yaml.j2"
+ dest: "{{ matrix_cactus_comments_app_service_config_file }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure cactus comments image is pulled
+ docker_image:
+ name: "{{ matrix_cactus_comments_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_cactus_comments_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_cactus_comments_docker_image_force_pull }}"
+ when: "not matrix_cactus_comments_container_image_self_build | bool"
+ register: result
+ retries: "{{ matrix_container_retries_count }}"
+ delay: "{{ matrix_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure cactus comments repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_cactus_comments_docker_repo }}"
+ version: "{{ matrix_cactus_comments_docker_repo_version }}"
+ dest: "{{ matrix_cactus_comments_docker_src_files_path }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_cactus_comments_git_pull_results
+ when: "matrix_cactus_comments_container_image_self_build | bool"
+
+- name: Ensure cactus comments image is built
+ docker_image:
+ name: "{{ matrix_cactus_comments_docker_image }}"
+ source: build
+ force_source: "{{ matrix_cactus_comments_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_cactus_comments_docker_src_files_path }}"
+ pull: true
+ when: "matrix_cactus_comments_container_image_self_build | bool"
+
+- block:
+ - name: Download client binary to local folder
+ ansible.builtin.get_url:
+ url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
+ dest: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
+ mode: '0644'
+ register: _download_client
+ until: _download_client is succeeded
+ retries: 5
+ delay: 2
+ check_mode: false
+
+ - name: Unpack client
+ ansible.builtin.unarchive:
+ src: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
+ dest: "/tmp/"
+ remote_src: true
+ mode: 0600
+ check_mode: false
+
+ - name: Propagate client javascript file
+ ansible.builtin.copy:
+ src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/cactus.js"
+ remote_src: true
+ dest: "{{ matrix_cactus_comments_client_path }}/cactus.js"
+ mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ - name: Propagate client style file
+ ansible.builtin.copy:
+ src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/style.css"
+ remote_src: true
+ dest: "{{ matrix_cactus_comments_client_path }}/style.css"
+ mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ when: matrix_cactus_comments_client_local_dir | length == 0
+
+- block:
+ - name: Propagate locally distributed client javascreipt
+ ansible.builtin.copy:
+ src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js"
+ dest: "{{ matrix_cactus_comments_client_path }}/cactus.js"
+ mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ - name: Propagate locally distributed client style.css
+ ansible.builtin.copy:
+ src: "{{ matrix_cactus_comments_client_local_dir }}/src/style.css"
+ dest: "{{ matrix_cactus_comments_client_path }}/style.css"
+ mode: "{{ matrix_cactus_comments_client_file_permissions }}"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ when: matrix_cactus_comments_client_local_dir | length > 0
+
+- name: Ensure matrix-cactus-comments.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-cactus-comments.service.j2"
+ dest: "{{ matrix_systemd_path }}/matrix-cactus-comments.service"
+ mode: 0644
+ register: matrix_cactus_comments_systemd_service_result
+
+- name: Ensure systemd reloaded after matrix-cactus-comments.service installation
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_cactus_comments_systemd_service_result.changed | bool"
+
+- name: Ensure matrix-cactus-comments.service restarted, if necessary
+ ansible.builtin.service:
+ name: "matrix-cactus-comments.service"
+ state: restarted
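Review bot: The pre-2.8 fallback in `Ensure cactus comments image is built`, `force: "{{ omit if ... else matrix_mailer_git_pull_results.changed }}"`, references `matrix_mailer_git_pull_results`, a leftover from the role this was copied from; it should be `matrix_cactus_comments_git_pull_results.changed`, matching the `register:` of the git task directly above it. `Download client binary to local folder` fetches the client tarball with no `checksum:`, so the `cactus.js` served to every visitor is whatever the download returned; pinning `checksum: "sha256:<RELEASE_TARBALL_SHA256>"` (placeholder) next to `matrix_cactus_comments_client_version` makes the artifact verifiable. The archive is then unpacked under a predictable, world-writable `/tmp/` path on the server and never removed; extracting into a role-owned directory (the `matrix_cactus_comments_container_tmp_path` created at the top of this hunk is otherwise unused) or an `ansible.builtin.tempfile` directory, and deleting it afterwards, avoids depending on a shared location. The unquoted `mode: 0750`, `0640`, `0600` and `0644` are read by YAML as integers (488, 416, 384, 420) and only work because Ansible accepts an integer mode as raw permission bits; the same hunk already writes `mode: '0644'` for the download, so use strings throughout, e.g. `mode: "0750"`.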
diff --git a/roles/matrix-cactus-comments/tasks/setup_uninstall.yml b/roles/matrix-cactus-comments/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..011c04b8
--- /dev/null
+++ b/roles/matrix-cactus-comments/tasks/setup_uninstall.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-cactus-comments service
+ ansible.builtin.stat:
+ path: "{{ matrix_systemd_path }}/matrix-cactus-comments.service"
+ register: matrix_cactus_comments_service_stat
+
+- name: Ensure cactus comments is stopped
+ ansible.builtin.service:
+ name: matrix-cactus-comments
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure matrix-cactus-comments.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ matrix_systemd_path }}/matrix-cactus-comments.service"
+ state: absent
+ when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure systemd reloaded after matrix-cactus-comments.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_cactus_comments_service_stat.stat.exists | bool"
+
+- name: Ensure Matrix cactus comments paths don't exist
+ ansible.builtin.file:
+ path: "{{ matrix_cactus_comments_base_path }}"
+ state: absent
+
+- name: Ensure cactus comments Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_cactus_comments_docker_image }}"
+ state: absent
diff --git a/roles/matrix-cactus-comments/tasks/validate_config.yml b/roles/matrix-cactus-comments/tasks/validate_config.yml
new file mode 100644
index 00000000..094a203d
--- /dev/null
+++ b/roles/matrix-cactus-comments/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_cactus_comments_as_token"
+ - "matrix_cactus_comments_hs_token"
diff --git a/roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2 b/roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2
new file mode 100644
index 00000000..bfcb4bb3
--- /dev/null
+++ b/roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2
@@ -0,0 +1,19 @@
+# A unique, user-defined ID of the application service which will never change.
+id: "Cactus Comments"
+
+# Where the cactus-appservice is hosted:
+url: "http://matrix-cactus-comments:{{ matrix_cactus_comments_container_port }}"
+
+# Unique tokens used to authenticate requests between our service and the
+# homeserver (and the other way). Use the sha256 hashes of something random.
+# CHANGE THESE VALUES.
+as_token: {{ matrix_cactus_comments_as_token | to_json }}
+hs_token: {{ matrix_cactus_comments_hs_token | to_json }}
+
+# The user id of the cactusbot which can be used to register and moderate sites
+sender_localpart: "{{ matrix_cactus_comments_user_id }}"
+
+namespaces:
+ aliases:
+ - exclusive: true
+ regex: "#comments_.*"
diff --git a/roles/matrix-cactus-comments/templates/env.j2 b/roles/matrix-cactus-comments/templates/env.j2
new file mode 100644
index 00000000..ab048961
--- /dev/null
+++ b/roles/matrix-cactus-comments/templates/env.j2
@@ -0,0 +1,6 @@
+CACTUS_HS_TOKEN={{ matrix_cactus_comments_hs_token }}
+CACTUS_AS_TOKEN={{ matrix_cactus_comments_as_token }}
+CACTUS_HOMESERVER_URL={{ matrix_cactus_comments_homeserver_url }}
+CACTUS_USER_ID=@{{ matrix_cactus_comments_user_id }}:{{ matrix_domain }}
+
+{{ matrix_cactus_comments_environment_variables_extension }}
diff --git a/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
new file mode 100644
index 00000000..06825582
--- /dev/null
+++ b/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
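Review bot: The comment block above `as_token`/`hs_token` in cactus_appservice.yaml.j2 (`Use the sha256 hashes of something random.` / `CHANGE THESE VALUES.`) is copied from an upstream sample registration and is misleading in a playbook-rendered file: the values are filled in from `matrix_cactus_comments_as_token` and `matrix_cactus_comments_hs_token`, and an edit to the rendered file is overwritten on the next run. Replace it with `# Tokens used to authenticate requests between the appservice and the homeserver.` and `# Rendered from matrix_cactus_comments_as_token / matrix_cactus_comments_hs_token; change those variables, not this file.`. Passing the tokens through `to_json` is the right call, since it keeps a token that happens to look like a YAML number or boolean a string; env.j2 writes the same two secrets a second time, so both rendered files need the same restrictive mode, which setup_install.yml does give them.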
@@ -0,0 +1,36 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Cactus Comments
+{% for service in matrix_bot_cactus_comments_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_cactus_comments_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-cactus-comments \
+ --log-driver=none \
+ --cap-drop=ALL \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --read-only \
+ --env-file {{ matrix_cactus_comments_app_service_env_file }} \
+ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_cactus_comments_tmp_directory_size_mb }}m \
+ --network={{ matrix_docker_network }} \
+ {{ matrix_cactus_comments_docker_image }}
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-cactus-comments 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-cactus-comments 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-cactus-comments
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
index 3b7d235d..bd78158c 100755
--- a/setup.yml
+++ b/setup.yml
@@ -46,6 +46,7 @@
 - matrix-bot-postmoogle
 - matrix-bot-go-neb
 - matrix-bot-mjolnir
+ - matrix-cactus-comments
 - matrix-synapse
 - matrix-dendrite
 - matrix-conduit
From d2dc9149a9c9d2475cddaa1b26dc64565f269894 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev Date: Fri, 9 Sep 2022 14:43:49 +0300 Subject: [PATCH 09/55] =?UTF-8?q?Fix=20YAML=20block=20(=E1=BB=B3aml=20->?= =?UTF-8?q?=20yaml)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- docs/configuring-playbook-cactus-comments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md index b62d33b2..668d3cb6 100644 --- a/docs/configuring-playbook-cactus-comments.md +++ b/docs/configuring-playbook-cactus-comments.md @@ -13,7 +13,7 @@ does and why it might be useful to you. Add the following block to your `vars.yaml` and make sure to exchange the tokens to randomly generated values. -```ỳaml +```yaml ################# ## Cactus Chat ## ################# From c00a8d4099ed5011c818c999bd4a124a3f4e0fff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 14:47:53 +0300 Subject: [PATCH 10/55] Announce Cactus Comments support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-cactus-comments.md | 2 +- roles/matrix-cactus-comments/defaults/main.yml | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e094858..df4957eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-09-09 + +## Cactus Comments support + +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now set up [Cactus Comments](https://cactus.chat) - federated comment system for the web based on Matrix. + +See our [Setting up a Cactus Comments server](docs/configuring-playbook-cactus-comments.md) documentation to get started. + + # 2022-08-23 ## Postmoogle email bridge support 
diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md index 668d3cb6..58a989e8 100644 --- a/docs/configuring-playbook-cactus-comments.md +++ b/docs/configuring-playbook-cactus-comments.md @@ -38,7 +38,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To get started wit cactus comments message @bot.cactusbot:your-homeserver.com and type `help` to make sure it works. +To get started wit cactus comments message `@bot.cactusbot:your-homeserver.com` and type `help` to make sure it works. Then register a site by typing: `register `. You will then be invited into a moderation room. Now you are good to go and can include the comment section on your website! diff --git a/roles/matrix-cactus-comments/defaults/main.yml b/roles/matrix-cactus-comments/defaults/main.yml index dbd5b844..a4c50a66 100644 --- a/roles/matrix-cactus-comments/defaults/main.yml +++ b/roles/matrix-cactus-comments/defaults/main.yml @@ -1,5 +1,7 @@ --- # Cactus Comments is a federated comment system built on Matrix +# Project source code URL: https://gitlab.com/cactus-comments/cactus-appservice +# Project source code URL: https://gitlab.com/cactus-comments/cactus-client matrix_cactus_comments_enabled: true matrix_cactus_comments_serve_client_enabled: true From 71555341d1194e90561fa0d65f30764a047b4028 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 14:49:46 +0300 Subject: [PATCH 11/55] Pin Cactus Comments version (latest -> 0.9.0) Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- roles/matrix-cactus-comments/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-cactus-comments/defaults/main.yml b/roles/matrix-cactus-comments/defaults/main.yml index a4c50a66..224a5348 100644 --- a/roles/matrix-cactus-comments/defaults/main.yml +++ b/roles/matrix-cactus-comments/defaults/main.yml 
@@ -27,7 +27,7 @@ matrix_cactus_comments_tmp_directory_size_mb: 1 matrix_cactus_comments_container_port: 5000 -matrix_cactus_comments_version: latest +matrix_cactus_comments_version: 0.9.0 matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}" matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}" From a4d8a4094bfe5bb3e100b3d2109e38690087fe9c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 15:02:45 +0300 Subject: [PATCH 12/55] Put "Component" column first in the optional-DNS configuration table Related to 98b9e2cd848397ac --- docs/configuring-dns.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 8b80613a..8d31ab3f 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -28,22 +28,22 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco ## DNS settings for optional services/features -| Type | Host | Priority | Weight | Port | Target | Used by component | -| ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | ----------------------------------------------------------------------------------------------------------------------- | -| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | [ma1sd](configuring-playbook-ma1sd.md) identity server | -| CNAME | `dimension` | - | - | - | `matrix.` | [Dimension](configuring-playbook-dimension.md) integration server | -| CNAME | `jitsi` | - | - | - | `matrix.` | [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | -| CNAME | `stats` | - | - | - | `matrix.` | [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | -| CNAME | `goneb` | - | - | - | `matrix.` | [Go-NEB](configuring-playbook-bot-go-neb.md) bot | -| CNAME | `sygnal` | - | - | - | `matrix.` | [Sygnal](configuring-playbook-sygnal.md) push notification gateway | -| CNAME | `ntfy` | - | - | - | `matrix.` | [ntfy](configuring-playbook-ntfy.md) push notifications server | -| CNAME | `hydrogen` | - | - | - | `matrix.` | [Hydrogen](configuring-playbook-client-hydrogen.md) web client | -| CNAME | `cinny` | - | - | - | `matrix.` | [Cinny](configuring-playbook-client-cinny.md) web client | -| CNAME | `buscarron` | - | - | - | `matrix.` | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | -| MX | `matrix` | 10 | 0 | - | `matrix.` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | -| TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | -| TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | 
[Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | -| TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | +| Used by component | Type | Host | Priority | Weight | Port | Target | +| ----------------------------------------------------------------------------------------------------------------------- | ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- | +| [ma1sd](configuring-playbook-ma1sd.md) identity server | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.` | +| [Dimension](configuring-playbook-dimension.md) integration server | CNAME | `dimension` | - | - | - | `matrix.` | +| [Jitsi](configuring-playbook-jitsi.md) video-conferencing platform | CNAME | `jitsi` | - | - | - | `matrix.` | +| [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) monitoring system | CNAME | `stats` | - | - | - | `matrix.` | +| [Go-NEB](configuring-playbook-bot-go-neb.md) bot | CNAME | `goneb` | - | - | - | `matrix.` | +| [Sygnal](configuring-playbook-sygnal.md) push notification gateway | CNAME | `sygnal` | - | - | - | `matrix.` | +| [ntfy](configuring-playbook-ntfy.md) push notifications server | CNAME | `ntfy` | - | - | - | `matrix.` | +| [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | +| [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | 
`matrix` | - | - | - | `v=spf1 ip4: -all` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` | +| [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` | ## Subdomains setup From 5cfb0fb47799d2eac6ad0437a5548e44a5dd91f3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 15:06:12 +0300 Subject: [PATCH 13/55] Update Email2Matrix docs page --- docs/configuring-playbook-email2matrix.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index 9bebe0e9..56e181f1 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md @@ -1,6 +1,7 @@ # Setting up Email2Matrix (optional) **Note**: email bridging can also happen via the [Postmoogle](configuring-playbook-bot-postmoogle.md) bot supported by the playbook. +Postmoogle is much more powerful and easier to use, so we recommend that you use it, instead of Email2Matrix. The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you. @@ -9,6 +10,10 @@ See the project's [documentation](https://github.com/devture/email2matrix/blob/m ## Preparation +### DNS configuration + +It's not strictly necessary, but you may increase the chances that incoming emails reach your server by adding an `MX` record for `matrix.DOMAIN`, as described in the [Configuring DNS](configuring-dns.md) documentation page. + ### Port availability Ensure that port 25 is available on your Matrix server and open in your firewall. From b510848c6d35501358b045e9de492c5dbbc7a176 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 9 Sep 2022 15:13:35 +0300 Subject: [PATCH 14/55] Mention that bot.cactusbot is created automatically Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- docs/configuring-playbook-cactus-comments.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md index 58a989e8..00c76f54 100644 --- a/docs/configuring-playbook-cactus-comments.md +++ b/docs/configuring-playbook-cactus-comments.md @@ -38,8 +38,10 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To get started wit cactus comments message `@bot.cactusbot:your-homeserver.com` and type `help` to make sure it works. -Then register a site by typing: `register `. You will then be invited into a moderation room. +Upon starting Cactus Comments, a `bot.cactusbot` user account is created automatically. + +To get started, send a `help` message to the `@bot.cactusbot:your-homeserver.com` bot to confirm it's working. +Then, register a site by typing: `register `. You will then be invited into a moderation room. Now you are good to go and can include the comment section on your website! **Careful:** To really make use of self-hosting you need change a few things in comparison to the official docs! From d6bd39c79d3f473d357559eb239eb4042f9b5feb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 15:18:57 +0300 Subject: [PATCH 15/55] Add missing quotes Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d96af363..31ca6133 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1354,7 +1354,7 @@ matrix_cactus_comments_systemd_required_services_list: | (['matrix-' + matrix_homeserver_implementation + '.service']) }} -matrix_cactus_comments_client_nginx_path: {{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }} +matrix_cactus_comments_client_nginx_path: "{{ '/cactus-comments/' if matrix_nginx_proxy_enabled else matrix_cactus_comments_client_path + '/' }}" ###################################################################### # From 5c954b0d5a99482332bff90cae17abeb47068d71 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 9 Sep 2022 15:55:53 +0000 Subject: [PATCH 16/55] Update Grafana 9.1.3 -> 9.1.4 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index dcd07bf5..5484ed19 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.1.3 +matrix_grafana_version: 9.1.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 8778c14fe27c304507c156f3f86762e9acf15fff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 21:03:41 +0300 Subject: [PATCH 17/55] Upgrade Dendrite (0.9.6 -> 0.9.7) --- roles/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 28f542e1..db10bafc 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.9.6" +matrix_dendrite_docker_image_tag: "v0.9.7" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 11f2cda21a9e8f8d3a060131c210c8cad55994bc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Sep 2022 21:06:17 +0300 Subject: [PATCH 18/55] Upgrade Certbot (1.28 -> 1.30) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8cf24a22..eec28bee 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -547,7 +547,7 @@ matrix_ssl_lets_encrypt_staging: false # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' -matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.28.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.30.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From f12206676f295ad4533e308b54a6b8b4eea9ae89 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 13 Sep 2022 15:45:08 +0300 Subject: [PATCH 19/55] Upgrade Synapse (v1.66.0 -> 1.67.0) and remove `frontend_proxy` workers `frontend_proxy` workers have been superseded by `generic_worker` workers. Related to https://github.com/matrix-org/synapse/pull/13645 --- group_vars/matrix_servers | 1 - roles/matrix-nginx-proxy/defaults/main.yml | 1 - .../nginx/conf.d/matrix-synapse.conf.j2 | 30 ------------------- roles/matrix-synapse/defaults/main.yml | 8 +---- .../tasks/synapse/workers/init.yml | 12 -------- .../matrix-synapse/tasks/validate_config.yml | 3 ++ .../templates/synapse/worker.yaml.j2 | 4 +-- roles/matrix-synapse/vars/workers.yml | 29 ++---------------- 8 files changed, 8 insertions(+), 80 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 31ca6133..c0d831e1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1762,7 +1762,6 @@ matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_sy matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}" matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}" matrix_nginx_proxy_systemd_wanted_services_list: | {{ diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index eec28bee..a7484215 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -625,7 +625,6 @@ matrix_nginx_proxy_synapse_generic_worker_client_server_locations: [] matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] -matrix_nginx_proxy_synapse_frontend_proxy_locations: [] # synapse content caching matrix_nginx_proxy_synapse_cache_enabled: false diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 735f4538..81e31a7c 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -3,7 +3,6 @@ {% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} {% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} -{% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'frontend_proxy') | list %} {% if matrix_nginx_proxy_synapse_workers_enabled %} {% if matrix_nginx_proxy_synapse_cache_enabled %} proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; 
@@ -26,18 +25,6 @@ } {% endif %} - {% if frontend_proxy_workers %} - upstream frontend_proxy_upstream { - {% for worker in frontend_proxy_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} - {% if media_repository_workers %} upstream media_repository_upstream { {% for worker in media_repository_workers %} @@ -120,23 +107,6 @@ server { } {% endfor %} {% endif %} - - {% if frontend_proxy_workers %} - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfrontend_proxy - {% for location in matrix_nginx_proxy_synapse_frontend_proxy_locations %} - location ~ {{ location }} { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} - {% if matrix_nginx_proxy_synapse_presence_disabled %} - # FIXME: keep in sync with synapse workers documentation manually - location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status { - proxy_pass http://frontend_proxy_upstream$request_uri; - proxy_set_header Host $host; - } - {% endif %} - {% endif %} {# Workers redirects END #} {% endif %} diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a25d2d3f..a7dab5b6 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.66.0 +matrix_synapse_version: v1.67.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -398,7 +398,6 @@ matrix_synapse_workers_presets: federation_sender_workers_count: 1 media_repository_workers_count: 0 user_dir_workers_count: 0 - frontend_proxy_workers_count: 0 one-of-each: generic_workers_count: 1 pusher_workers_count: 1 @@ -410,7 +409,6 @@ matrix_synapse_workers_presets: # user_dir workers are deprecated since Synapse v1.59. This will be removed. # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types user_dir_workers_count: 0 - frontend_proxy_workers_count: 1 # Controls whether the matrix-synapse container exposes the various worker ports # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container. @@ -452,10 +450,6 @@ matrix_synapse_workers_user_dir_workers_count: 0 matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 -matrix_synapse_workers_frontend_proxy_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['frontend_proxy_workers_count'] }}" -matrix_synapse_workers_frontend_proxy_workers_port_range_start: 18771 -matrix_synapse_workers_frontend_proxy_workers_metrics_range_start: 19771 - # Default list of workers to spawn. # # Unless you populate this manually, this list is dynamically generated 
diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 4b007bc3..3aa61923 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -56,16 +56,6 @@ register: "matrix_synapse_workers_list_results_media_repository_workers" loop: "{{ range(0, matrix_synapse_workers_media_repository_workers_count | int) | list }}" -- name: Build frontend_proxy workers - ansible.builtin.set_fact: - worker: - type: 'frontend_proxy' - instanceId: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - port: "{{ matrix_synapse_workers_frontend_proxy_workers_port_range_start + item }}" - metrics_port: "{{ matrix_synapse_workers_frontend_proxy_workers_metrics_range_start + item }}" - register: "matrix_synapse_workers_list_results_frontend_proxy_workers" - loop: "{{ range(0, matrix_synapse_workers_frontend_proxy_workers_count | int) | list }}" - - ansible.builtin.set_fact: matrix_synapse_dynamic_workers_list: "{{ matrix_synapse_dynamic_workers_list | default([]) + [item.ansible_facts.worker] }}" with_items: | @@ -79,8 +69,6 @@ matrix_synapse_workers_list_results_appservice_workers.results + matrix_synapse_workers_list_results_media_repository_workers.results - + - matrix_synapse_workers_list_results_frontend_proxy_workers.results }} - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index d32fce97..bcb71c75 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
@@ -62,6 +62,9 @@ - {'old': 'matrix_synapse_version_arm64', 'new': ''} - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': ''} + - {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 239de1f2..33789b0c 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -11,7 +11,7 @@ worker_replication_http_port: {{ matrix_synapse_replication_http_port }} {% set http_resources = [] %} -{% if matrix_synapse_worker_details.type in ['generic_worker', 'frontend_proxy', 'user_dir'] %} +{% if matrix_synapse_worker_details.type in ['generic_worker', 'user_dir'] %} {% set http_resources = http_resources + ['client'] %} {% endif %} {% if matrix_synapse_worker_details.type in ['generic_worker'] %} @@ -38,7 +38,7 @@ worker_listeners: {% endif %} {% endif %} -{% if matrix_synapse_worker_details.type == 'frontend_proxy' %} +{% if matrix_synapse_worker_details.type == 'generic_worker' %} worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} {% endif %} diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index e535d2cc..3f34bcb2 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml 
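Review bot: The three new deprecation entries only catch the removed `matrix_synapse_workers_frontend_proxy_workers_*` variables; a user who populates `matrix_synapse_workers_enabled_list` by hand with a `type: frontend_proxy` entry (the commit description says such users must adjust their configuration) gets no message from this file, while the same commit drops `frontend_proxy` from `matrix_synapse_workers_avail_list` and from the `worker.yaml.j2` type checks, so that worker would be rendered with no `client` resource and no `worker_main_http_uri`. Unless a check against `matrix_synapse_workers_avail_list` elsewhere already rejects unknown worker types (not visible here), a dedicated fail task next to the renamed-settings check would give an actionable error. Sketch below; the surrounding validate_config tasks start above the hunk.

```yaml
- name: Fail if frontend_proxy workers are still configured
  ansible.builtin.fail:
    msg: >-
      The `frontend_proxy` Synapse worker type has been removed (superseded by `generic_worker`).
      Remove any `type: frontend_proxy` entries from `matrix_synapse_workers_enabled_list`.
  when: "matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'frontend_proxy') | list | length > 0"
```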
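Review bot: The `@@ -38,7 +38,7 @@` hunk of `worker.yaml.j2` now emits `worker_main_http_uri: http://matrix-synapse:…` for every `generic_worker`, but nothing in the template says why, and the only explanation lives in a comment in `vars/workers.yml` (`keys/upload/` requires it). A one-line Jinja comment above the condition would keep the two in sync, e.g. `{# generic workers receive /keys/upload requests and re-proxy them to the main process, which needs worker_main_http_uri #}`. If a future Synapse release changes how `keys/upload` is handled, whoever touches this line will otherwise have to rediscover the dependency.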
@@ -55,10 +55,12 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ # Encryption requests + # Note that ^/_matrix/client/(r0|v3|unstable)/keys/upload/ requires `worker_main_http_uri` - ^/_matrix/client/(r0|v3|unstable)/keys/query$ - ^/_matrix/client/(r0|v3|unstable)/keys/changes$ - ^/_matrix/client/(r0|v3|unstable)/keys/claim$ - ^/_matrix/client/(r0|v3|unstable)/room_keys/ + - ^/_matrix/client/(r0|v3|unstable)/keys/upload/ # Registration/login requests - ^/_matrix/client/(api/v1|r0|v3|unstable)/login$ @@ -172,7 +174,6 @@ matrix_synapse_workers_generic_worker_endpoints: # Additionally, the writing of specific streams (such as events) can be moved off # of the main process to a particular worker. - # (This is only supported with Redis-based replication.) # To enable this, the worker must have a HTTP replication listener configured, # have a `worker_name` and be listed in the `instance_map` config. The same worker 
@@ -432,35 +433,9 @@ matrix_synapse_workers_user_dir_endpoints: # If `update_user_directory` is set to `false`, and this worker is not running, # the above endpoint may give outdated results. -matrix_synapse_workers_frontend_proxy_endpoints: - # Proxies some frequently-requested client endpoints to add caching and remove - # load from the main synapse. It can handle REST endpoints matching the following - # regular expressions: - - - ^/_matrix/client/(r0|v3|unstable)/keys/upload - - # If `use_presence` is False in the homeserver config, it can also handle REST - # endpoints matching the following regular expressions: - - # FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually - # ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status - - # This "stub" presence handler will pass through `GET` request but make the - # `PUT` effectively a no-op. - - # It will proxy any requests it cannot handle to the main synapse instance. It - # must therefore be configured with the location of the main instance, via - # the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration - # file. For example: - - # ```yaml - # worker_main_http_uri: http://127.0.0.1:8008 - # ``` - matrix_synapse_workers_avail_list: - appservice - federation_sender - - frontend_proxy - generic_worker - media_repository - pusher From afe5a016cb70238668709cf4704de2955a3376f7 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 13 Sep 2022 13:48:57 +0000 Subject: [PATCH 20/55] Update Grafana 9.1.4 -> 9.1.5 --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 5484ed19..dda120a2 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml 
@@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.1.4 +matrix_grafana_version: 9.1.5 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From c29a39a6fb56754b9549fcd3ef9d8893336d6f16 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 13 Sep 2022 13:49:39 +0000 Subject: [PATCH 21/55] Update Element 1.11.4 -> 1.11.5 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index c4e187a9..4898e9ca 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.4 +matrix_client_element_version: v1.11.5 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 83482721f8c849cd71f94ec933852e8d9b420e55 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 13 Sep 2022 13:51:32 +0000 Subject: [PATCH 22/55] Update Coturn 4.5.2-r14 -> 4.6.0-r0 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index bc87d654..b2aff984 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r14 +matrix_coturn_version: 4.6.0-r0 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 2edd9a056e7a5ac5bb6159ba7d504995f361df11 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 13 Sep 2022 13:52:36 +0000 Subject: [PATCH 23/55] Update Appservice IRC 0.34.0 -> 0.35.0 --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 93a8e084..fb0f3a33 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.34.0 +matrix_appservice_irc_version: 0.35.0 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 17e6c52cbf64882cca428ece1f0dc6730b0a813f Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 13 Sep 2022 13:53:45 +0000 Subject: [PATCH 24/55] Update Dendrite 0.9.7 -> 0.9.8 --- roles/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index db10bafc..2a6c4fd6 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.9.7" +matrix_dendrite_docker_image_tag: "v0.9.8" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From ef523d68a4230233b61b1c41f3bf8fada08cfcd8 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 14 Sep 2022 08:13:01 +0300 Subject: [PATCH 25/55] Suppress errors in docker kill/rm calls for Synapse workers We do the same everywhere else. This is an omission. --- .../synapse/systemd/matrix-synapse-worker.service.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index c7ef13fa..4a38251d 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -8,8 +8,8 @@ After=matrix-synapse.service Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' # Intentional delay, so that the homeserver can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
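Review bot: The `-` prefix on `ExecStartPre=` already makes systemd tolerate a non-zero exit, so the new `sh -c '… 2>/dev/null || true'` wrapper only silences the "No such container" noise in the journal; without a comment, the next reader is likely to drop one of the two as redundant. Suggested line above the pair: `# '-' tolerates failure; the sh wrapper only hides 'No such container' noise in the journal`. Because the container name is now interpolated inside a single-quoted `sh -c` string, `matrix_synapse_worker_container_name` must never contain a single quote or other shell metacharacters — it appears to be playbook-derived rather than user-supplied, so this holds today, but it is worth stating where that variable is defined. The rest of the unit lies outside the hunk.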
@@ -46,8 +46,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} -ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} -ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec {{ matrix_synapse_worker_container_name }} /bin/sh -c 'kill -HUP 1' Restart=always From cb2e57e33ad6e95b18a93b0c366f45f4be224c12 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 14 Sep 2022 09:58:33 +0000 Subject: [PATCH 26/55] Update Postmoogle 0.9.1 -> 0.9.2 --- roles/matrix-bot-postmoogle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-postmoogle/defaults/main.yml b/roles/matrix-bot-postmoogle/defaults/main.yml index 6f7a96cc..b411f70d 100644 --- a/roles/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/matrix-bot-postmoogle/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.1 +matrix_bot_postmoogle_version: v0.9.2 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" From a7067b054d065d419ae632a537891baa88b93e69 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Sep 2022 17:19:47 +0000 Subject: [PATCH 27/55] Bump frenck/action-yamllint from 1.2.0 to 1.3.0 Bumps [frenck/action-yamllint](https://github.com/frenck/action-yamllint) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/frenck/action-yamllint/releases) - [Commits](https://github.com/frenck/action-yamllint/compare/v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: frenck/action-yamllint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index aa107858..f63eade4 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run yamllint - uses: frenck/action-yamllint@v1.2.0 + uses: frenck/action-yamllint@v1.3.0 ansible-lint: name: ansible-lint runs-on: ubuntu-latest 
From fde5fef8b389b0d6a98b61914712f8e3f52d4676 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 14 Sep 2022 20:44:35 +0300 Subject: [PATCH 28/55] Fix Cactus Comments nginx injection when matrix-nginx-proxy disabled Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2101 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089 --- roles/matrix-cactus-comments/tasks/init.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-cactus-comments/tasks/init.yml b/roles/matrix-cactus-comments/tasks/init.yml index 78cdd319..9a15cf89 100644 --- a/roles/matrix-cactus-comments/tasks/init.yml +++ b/roles/matrix-cactus-comments/tasks/init.yml @@ -35,17 +35,18 @@ ansible.builtin.set_fact: matrix_nginx_proxy_container_additional_volumes: > {{ - matrix_nginx_proxy_container_additional_volumes | default([]) + matrix_nginx_proxy_container_additional_volumes | default([]) + [{"src": "{{ matrix_cactus_comments_client_path }}", "dst": "/cactus-comments/cactus-comments", "options": "ro"}] }} + - name: Generate Cactus Comment proxying configuration for matrix-nginx-proxy ansible.builtin.set_fact: matrix_cactus_comments_nginx_proxy_configuration: | location {{ matrix_cactus_comments_client_endpoint }} { root {{ matrix_cactus_comments_client_nginx_path }}; } - when: "matrix_nginx_proxy_enabled | default(False) | bool" + - name: Register Cactus Comment proxying configuration with matrix-nginx-proxy ansible.builtin.set_fact: matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | @@ -54,6 +55,7 @@ + [matrix_cactus_comments_nginx_proxy_configuration] }} + - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: msg: >- From 05819056bc16b7e5ba2e75060bf1e9dcb003f999 Mon Sep 17 00:00:00 2001 
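Review bot: With the `when: matrix_nginx_proxy_enabled` guard removed, `matrix_cactus_comments_nginx_proxy_configuration` is always rendered, and its correctness rests on an unstated pairing: nginx appends the location URI to `root`, so `location {{ matrix_cactus_comments_client_endpoint }} { root {{ matrix_cactus_comments_client_nginx_path }}; }` only resolves files because the volume in the task above is mounted at `/cactus-comments/cactus-comments` (and, in the own-webserver case, presumably because `matrix_cactus_comments_client_nginx_path` ends with a `/`). A comment on the generating task would make that explicit, e.g. `# nginx appends the location URI to root, so this path must be the parent of the cactus-comments directory (see the volume mount above)`. The volume-mount task's own conditions start above the hunk, so whether it is still limited to the proxy-enabled case cannot be seen here.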
From: Slavi Pantaleev Date: Wed, 14 Sep 2022 20:54:00 +0300 Subject: [PATCH 29/55] Document that using Synapse workers with not-matrix-nginx-proxy causes troubles Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090 --- docs/configuring-playbook-synapse.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md index 50860a17..7c38b5cc 100644 --- a/docs/configuring-playbook-synapse.md +++ b/docs/configuring-playbook-synapse.md @@ -42,7 +42,7 @@ matrix_postgres_process_extra_arguments: [ ] ``` -If you're using the default setup (the `matrix-nginx-proxy` webserver being enabled) or you're using your own `nginx` server (which imports the configuration files generated by the playbook), you're good to go. If you use some other webserver, you may need to tweak your reverse-proxy setup manually to forward traffic to the various workers. +**NOTE**: Disabling `matrix-nginx-proxy` (`matrix_nginx_proxy_enabled: false`) (that is, [using your own other webserver](configuring-playbook-own-webserver.md) when running a Synapse worker setup is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`. From 99f4f5edc77011189fdbd0eacabf14df36624bb0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 07:46:17 +0300 Subject: [PATCH 30/55] Add note that disabling matrix-nginx-proxy may be a bad idea sometimes Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090 --- docs/configuring-playbook-own-webserver.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 76fa2d8b..7e5d6001 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -1,11 +1,14 @@ # Using your own webserver, instead of this playbook's nginx proxy (optional, advanced) -By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +By default, this playbook installs its own nginx webserver (called `matrix-nginx-proxy`, in a Docker container) which listens on ports 80 and 443. If that's alright, you can skip this. If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that, and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can. +You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver. +For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine. + There are **2 ways you can go about it**, if you'd like to use your own webserver: - [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver) From 226c550ffafc08d3d34d4a92882ed3729124faa0 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 15 Sep 2022 07:05:25 +0300 Subject: [PATCH 31/55] Add support for stream writer Synapse workers As stream writer workers are also powered by the `generic_worker` Synapse app, this necessitated that we provide means for distinguishing between them and regular `generic_workers`. I've also taken the time to optimize nginx configuration generation (more Jinja2 macro usage, less duplication). Worker names have also changed. Workers are now named sequentially like this: - `matrix-synapse-worker-0-generic` - `matrix-synapse-worker-1-stream-writer-typing` - `matrix-synapse-worker-2-pusher` instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a port number). People who modify `matrix_synapse_workers_enabled_list` directly will need to adjust their configuration. --- CHANGELOG.md | 39 ++++++ ...configuring-playbook-prometheus-grafana.md | 8 +- group_vars/matrix_servers | 7 + roles/matrix-nginx-proxy/defaults/main.yml | 5 + .../nginx/conf.d/matrix-synapse.conf.j2 | 125 +++++++++++------- .../templates/prometheus.yml.j2 | 5 +- roles/matrix-synapse/defaults/main.yml | 112 ++++++++++++++-- roles/matrix-synapse/tasks/init.yml | 10 +- .../tasks/synapse/workers/init.yml | 50 ++++++- .../inject_systemd_services_for_worker.yml | 19 --- .../synapse/workers/util/inject_worker.yml | 65 +++++++++ .../workers/util/setup_files_for_worker.yml | 10 +- .../matrix-synapse/tasks/validate_config.yml | 5 + .../templates/synapse/homeserver.yaml.j2 | 8 +- .../external_prometheus.yml.example.j2 | 7 +- .../systemd/matrix-synapse-worker.service.j2 | 2 +- .../synapse/systemd/matrix-synapse.service.j2 | 2 +- .../templates/synapse/worker.yaml.j2 | 36 +++-- roles/matrix-synapse/vars/main.yml | 55 ++++++++ 19 files changed, 449 insertions(+), 121 deletions(-) delete mode 100644 roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml create mode 100644 roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml 
diff --git a/CHANGELOG.md b/CHANGELOG.md index df4957eb..2b9b149e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,42 @@ +# 2022-09-15 + +## (Potential Backward Compatibility Break) Major changes to Synapse workers + +People who are interested in running a Synapse worker setup should know that **our Synapse worker implementation is much more powerful now**: + +- we've added [Stream writers support](#stream-writers-support) +- see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) + +### Stream writers support + +From now on, the playbook lets you easily set up various [stream writer workers](https://matrix-org.github.io/synapse/latest/workers.html#stream-writers) which can handle different streams (`events` stream; `typing` URL endpoints, `to_device` URL endpoints, `account_data` URL endpoints, `receipts` URL endpoints, `presence` URL endpoints). All of this work was previously handled by the main Synapse process, but can now be offloaded to stream writer worker processes. + +If you're using `matrix_synapse_workers_preset: one-of-each`, you'll automatically get 6 additional workers (one for each of the above stream types). Our `little-federation-helper` preset (meant to be quite minimal and focusing in improved federation performance) does not include stream writer workers. + +If you'd like to customize the number of workers we also make that possible using these variables: + +```yaml +# Synapse only supports more than 1 worker for the `events` stream. +# All other streams can utilize either 0 or 1 workers, not more than that. 
+matrix_synapse_workers_stream_writer_events_stream_workers_count: 5 +matrix_synapse_workers_stream_writer_typing_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_to_device_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_account_data_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_receipts_stream_workers_count: 1 +matrix_synapse_workers_stream_writer_presence_stream_workers_count: 1 +``` + +### Potential Backward Incompatibilities after these Synapse worker changes + +Below we'll discuss **potential backward incompatibilities**. + +- **Worker names** (container names, systemd services, worker configuration files) **have changed**. Workers are now labeled sequentially (e.g. `matrix-synapse-worker_generic_worker-18111` -> `matrix-synapse-worker-generic-0`). The playbook will handle these changes automatically. + +- **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though. + +- **the format of `matrix_synapse_workers_enabled_list` has changed**. 
You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong. + + # 2022-09-09 ## Cactus Comments support diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index b2878c12..f86566a9 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -90,11 +90,11 @@ matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_b Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). -Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. +Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. ### Collecting Synapse worker metrics to an external Prometheus server -If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`, where `TYPE` corresponds to the type and `ID` to the instanceId of a worker as exemplified in `matrix_synapse_workers_enabled_list`. +If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`. The playbook also generates an exemplary config file (`/matrix/synapse/external_prometheus.yml.template`) with all the correct paths which you can copy to your Prometheus server and adapt to your needs. Make sure to edit the specified `password_file` path and contents and path to your `synapse-v2.rules`. It will look a bit like this: 
@@ -111,8 +111,8 @@ scrape_configs: labels: job: "master" index: 1 - - job_name: 'synapse-generic_worker-1' - metrics_path: /metrics/synapse/worker/generic_worker-18111 + - job_name: 'matrix-synapse-synapse-worker-generic-worker-0' + metrics_path: /metrics/synapse/worker/generic-worker-0 scheme: https basic_auth: username: prometheus diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index c0d831e1..e891a3d9 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1760,6 +1760,11 @@ matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }
 matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
 matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
 matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
+matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints }}"
+matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints }}"
+matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints }}"
+matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}"
+matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}"
 matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
 matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
@@ -1767,6 +1772,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | {{ ['matrix-' + matrix_homeserver_implementation + '.service'] + + (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled) + + (['matrix-corporal.service'] if matrix_corporal_enabled else []) + (['matrix-ma1sd.service'] if matrix_ma1sd_enabled else []) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index a7484215..88c99ea9 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -623,6 +623,11 @@ matrix_nginx_proxy_synapse_workers_enabled: false matrix_nginx_proxy_synapse_workers_list: [] matrix_nginx_proxy_synapse_generic_worker_client_server_locations: [] matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] +matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: [] +matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: [] matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 81e31a7c..bbce7462 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -1,23 +1,52 @@ #jinja2: lstrip_blocks: "True" {% set generic_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'generic_worker') | list %} +{% set stream_writer_typing_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'typing') | list %} +{% set stream_writer_to_device_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'to_device') | list %} +{% set stream_writer_account_data_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'account_data') | list %} +{% set stream_writer_receipts_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'receipts') | list %} +{% set stream_writer_presence_stream_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'stream_writer') | selectattr('stream_writer_stream', 'equalto', 'presence') | list %} {% set media_repository_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'media_repository') | list %} {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list | selectattr('type', 'equalto', 'user_dir') | list %} + +{% macro render_worker_upstream(name, workers, matrix_nginx_proxy_enabled) %} +{% if workers | length > 0 %} + upstream {{ name }} { + {% for worker in workers %} + {% if matrix_nginx_proxy_enabled %} + server "{{ worker.name }}:{{ worker.port }}"; + {% else %} + server "127.0.0.1:{{ worker.port }}"; + {% endif %} + {% endfor %} + } +{% endif %} +{% endmacro %} + +{% macro render_locations_to_upstream(locations, upstream_name) %} + {% for location in locations %} + location ~ {{ location }} { + proxy_pass http://{{ 
upstream_name }}$request_uri; + proxy_set_header Host $host; + } + {% endfor %} +{% endmacro %} + {% if matrix_nginx_proxy_synapse_workers_enabled %} {% if matrix_nginx_proxy_synapse_cache_enabled %} proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; {% endif %} # Round Robin "upstream" pools for workers - {% if generic_workers %} - upstream generic_worker_upstream { + {% if generic_workers |length > 0 %} + upstream generic_workers_upstream { # ensures that requests from the same client will always be passed # to the same server (except when this server is unavailable) hash $http_x_forwarded_for; {% for worker in generic_workers %} {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; + server "{{ worker.name }}:{{ worker.port }}"; {% else %} server "127.0.0.1:{{ worker.port }}"; {% endif %} 
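Review bot: `render_worker_upstream` takes `matrix_nginx_proxy_enabled` as a macro parameter that shadows the playbook variable it is always called with, which adds a third argument at every call site for no gain; the macro can read the global directly. The generic-worker upstream is still written out by hand right after the macro only because it needs `hash $http_x_forwarded_for;`, so an optional flag would let it share the macro too, e.g. `{% macro render_worker_upstream(name, workers, sticky=false) %}` with `{% if sticky %}hash $http_x_forwarded_for;{% endif %}` inside the `upstream` block. The `upstream generic_workers_upstream` block this hunk ends in continues outside it.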
@@ -25,29 +54,15 @@ } {% endif %} - {% if media_repository_workers %} - upstream media_repository_upstream { - {% for worker in media_repository_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} + {{ render_worker_upstream('stream_writer_typing_stream_workers_upstream', stream_writer_typing_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_to_device_stream_workers_upstream', stream_writer_to_device_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_account_data_stream_workers_upstream', stream_writer_account_data_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_receipts_stream_workers_upstream', stream_writer_receipts_stream_workers, matrix_nginx_proxy_enabled) }} + {{ render_worker_upstream('stream_writer_presence_stream_workers_upstream', stream_writer_presence_stream_workers, matrix_nginx_proxy_enabled) }} - {% if user_dir_workers %} - upstream user_dir_upstream { - {% for worker in user_dir_workers %} - {% if matrix_nginx_proxy_enabled %} - server "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.port }}"; - {% else %} - server "127.0.0.1:{{ worker.port }}"; - {% endif %} - {% endfor %} - } - {% endif %} + {{ render_worker_upstream('media_repository_workers_upstream', media_repository_workers, matrix_nginx_proxy_enabled) }} + + {{ render_worker_upstream('user_dir_workers_upstream', user_dir_workers, matrix_nginx_proxy_enabled) }} {% endif %} server { 
@@ -65,21 +80,41 @@ server { {% if matrix_nginx_proxy_synapse_workers_enabled %} {# Workers redirects BEGIN #} - {% if generic_workers %} + {% if generic_workers | length > 0 %} # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_client_server_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }} {% endif %} - {% if media_repository_workers %} + {% if stream_writer_typing_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_typing_stream_worker_client_server_locations, 'stream_writer_typing_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_to_device_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_to_device_stream_worker_client_server_locations, 'stream_writer_to_device_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_account_data_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_server_locations, 'stream_writer_account_data_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_receipts_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations, 
'stream_writer_receipts_stream_workers_upstream') }} + {% endif %} + + {% if stream_writer_presence_stream_workers | length > 0 %} + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations, 'stream_writer_presence_stream_workers_upstream') }} + {% endif %} + + {% if media_repository_workers | length > 0 %} # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; + proxy_pass http://media_repository_workers_upstream$request_uri; proxy_set_header Host $host; client_body_buffer_size 25M; @@ -97,15 +132,10 @@ server { {% endfor %} {% endif %} - {% if user_dir_workers %} + {% if user_dir_workers | length > 0 %} # FIXME: obsolete if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir - {% for location in matrix_nginx_proxy_synapse_user_dir_locations %} - location ~ {{ location }} { - proxy_pass http://user_dir_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }} {% endif %} {# Workers redirects END #} {% endif %} 
@@ -150,20 +180,15 @@ server { gzip_types text/plain application/json; {% if matrix_nginx_proxy_synapse_workers_enabled %} - {% if generic_workers %} + {% if generic_workers | length > 0 %} # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker - {% for location in matrix_nginx_proxy_synapse_generic_worker_federation_locations %} - location ~ {{ location }} { - proxy_pass http://generic_worker_upstream$request_uri; - proxy_set_header Host $host; - } - {% endfor %} + {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }} {% endif %} - {% if media_repository_workers %} + {% if media_repository_workers | length > 0 %} # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository {% for location in matrix_nginx_proxy_synapse_media_repository_locations %} location ~ {{ location }} { - proxy_pass http://media_repository_upstream$request_uri; + proxy_pass http://media_repository_workers_upstream$request_uri; proxy_set_header Host $host; client_body_buffer_size 25M; diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2 index f3262f48..628f4f4f 100644 --- a/roles/matrix-prometheus/templates/prometheus.yml.j2 +++ b/roles/matrix-prometheus/templates/prometheus.yml.j2 @@ -37,11 +37,12 @@ scrape_configs: index: 0 {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - - targets: ['matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}'] + - targets: ['{{ worker.name }}:{{ worker.metrics_port }}'] labels: instance: {{ matrix_domain }} + worker_id: {{ worker.id }} job: {{ worker.type }} - index: {{ worker.instanceId }} + app: {{ worker.app }} {% endif %} {% endfor %} {% endif %} 
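Review bot: The worker scrape targets lose the `index` label that the main-process target just above still sets (`index: 0`), replacing it with `worker_id` and `app`; if the Synapse Grafana dashboards shipped with the playbook template on `job`/`index` (they are not part of this patch, so this is unverified), workers will vanish from those panels after the upgrade. Consider keeping an `index` label next to the new ones, e.g. `index: {{ loop.index }}`, or call the label change out in the CHANGELOG entry that already describes the metrics-path rename. Also, `worker_id: {{ worker.id }}` and `app: {{ worker.app }}` are emitted unquoted into YAML; writing them as `worker_id: "{{ worker.id }}"` keeps the scrape config parseable if an id ever contains a YAML-significant character.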
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index a7dab5b6..4213c4f1 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -398,6 +398,12 @@ matrix_synapse_workers_presets:
 federation_sender_workers_count: 1
 media_repository_workers_count: 0
 user_dir_workers_count: 0
+ stream_writer_events_stream_workers_count: 0
+ stream_writer_typing_stream_workers_count: 0
+ stream_writer_to_device_stream_workers_count: 0
+ stream_writer_account_data_stream_workers_count: 0
+ stream_writer_receipts_stream_workers_count: 0
+ stream_writer_presence_stream_workers_count: 0
 one-of-each:
 generic_workers_count: 1
 pusher_workers_count: 1
@@ -409,6 +415,12 @@ matrix_synapse_workers_presets:
 # user_dir workers are deprecated since Synapse v1.59. This will be removed.
 # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types
 user_dir_workers_count: 0
+ stream_writer_events_stream_workers_count: 1
+ stream_writer_typing_stream_workers_count: 1
+ stream_writer_to_device_stream_workers_count: 1
+ stream_writer_account_data_stream_workers_count: 1
+ stream_writer_receipts_stream_workers_count: 1
+ stream_writer_presence_stream_workers_count: 1
 
 # Controls whether the matrix-synapse container exposes the various worker ports
 # (see `port` and `metrics_port` in `matrix_synapse_workers_enabled_list`) outside of the container.
@@ -421,6 +433,71 @@ matrix_synapse_workers_generic_workers_count: "{{ matrix_synapse_workers_presets matrix_synapse_workers_generic_workers_port_range_start: 18111 matrix_synapse_workers_generic_workers_metrics_range_start: 19111 +# matrix_synapse_workers_stream_writer_events_stream_workers_count controls how many stream writers that handle the `events` stream to spawn. +# More than 1 worker is also supported of this type. +matrix_synapse_workers_stream_writer_events_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_events_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_typing_stream_workers_count controls how many stream writers that handle the `typing` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_typing_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_typing_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_to_device_stream_workers_count controls how many stream writers that handle the `to_device` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_to_device_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_to_device_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_account_data_stream_workers_count controls how many stream writers that handle the `account_data` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_account_data_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_account_data_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_receipts_stream_workers_count controls how many stream writers that handle the `receipts` stream to spawn. +# The count of these workers can only be 0 or 1. 
+matrix_synapse_workers_stream_writer_receipts_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_receipts_stream_workers_count'] }}" + +# matrix_synapse_workers_stream_writer_presence_stream_workers_count controls how many stream writers that handle the `presence` stream to spawn. +# The count of these workers can only be 0 or 1. +matrix_synapse_workers_stream_writer_presence_stream_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['stream_writer_presence_stream_workers_count'] }}" + +# A list of stream writer workers to enable. This list is built automatically based on other variables. +# You're encouraged to enable/disable stream writer workers by setting `matrix_synapse_workers_stream_writer_*_stream_workers_count` variables, instead of adjusting this list manually. +matrix_synapse_workers_stream_writers: | + {{ + [] + + + ([{'stream': 'events'}] * matrix_synapse_workers_stream_writer_events_stream_workers_count | int) + + + ([{'stream': 'typing'}] * matrix_synapse_workers_stream_writer_typing_stream_workers_count | int) + + + ([{'stream': 'to_device'}] * matrix_synapse_workers_stream_writer_to_device_stream_workers_count | int) + + + ([{'stream': 'account_data'}] * matrix_synapse_workers_stream_writer_account_data_stream_workers_count | int) + + + ([{'stream': 'receipts'}] * matrix_synapse_workers_stream_writer_receipts_stream_workers_count | int) + + + ([{'stream': 'presence'}] * matrix_synapse_workers_stream_writer_presence_stream_workers_count | int) + }} + +# matrix_synapse_stream_writers populates the `stream_writers` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_stream_writers`. +# Adjusting this value manually is generally not necessary. 
+# +# It's tempting to initialize this like this: +# matrix_synapse_stream_writers: +# - typing: [] +# - events: [] +# - to_device: [] +# - account_data: [] +# - receipts: [] +# - presence: [] +# .. but Synapse does not like empty lists (see https://github.com/matrix-org/synapse/issues/13804) +matrix_synapse_stream_writers: {} + +# `matrix_synapse_workers_stream_writer_workers_` variables control the port numbers of various stream writer workers +# defined in `matrix_synapse_workers_stream_writers`. +# It should be noted that not all of the background worker types will need to expose HTTP services, etc. +matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011 +matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011 +matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19111 + # matrix_synapse_workers_pusher_workers_count can only be 0 or 1 for now. # More instances are not supported due to a playbook limitation having to do with keeping `pusher_instances` in `homeserver.yaml` updated. # See https://github.com/matrix-org/synapse/commit/ddfdf945064925eba761ae3748e38f3a1c73c328 
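Review bot: `matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19111` starts at the same port as `matrix_synapse_workers_generic_workers_metrics_range_start: 19111` (context line at the top of this hunk), so `stream-writer-0-*` and `generic-worker-0` receive the same `metrics_port`, which the example list further down in this file confirms. Inside separate containers that does not collide, but the comment above (`Controls whether the matrix-synapse container exposes the various worker ports ... outside of the container`) covers `metrics_port` too, and once both are published on the host the second bind fails or Prometheus scrapes the wrong process. Pick a start disjoint from the other `*_metrics_range_start` values visible in this file (19111, 19200, 19300, 19400, 19551, 19661), e.g. `matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19711`, and update the example list to match.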
@@ -463,25 +540,36 @@ matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 # as certain workers can only be spawned just once. # # Each worker instance in the list defines the following fields: -# - `type` - the type of worker (`generic_worker`, etc.) -# - `instanceId` - a string that identifies the worker. The combination of (`type` + `instanceId`) represents the name of the worker and must be unique. +# - `id` - a string that uniquely identifies the worker +# - `name` - a string that will be used as the container and systemd service name +# - `type` - the type of worker (`generic_worker`, `stream_writer`, `pusher`, etc.) +# - `app` - the Synapse app (https://matrix-org.github.io/synapse/latest/workers.html#available-worker-applications) that powers this worker (`generic_worker`, `federation_sender`, etc.). +# The `app` usually matches the `type`, but not always. For example, `type = stream_writer` workers are served by the `generic_worker` type. # - `port` - an HTTP port where the worker listens for requests (can be `0` for workers that don't do HTTP request processing) # - `metrics_port` - an HTTP port where the worker exports Prometheus metrics +# - `replication_port` - an HTTP port where the worker serves `replication` endpoints (used by stream writers, etc.) 
+# - `webserving` - tells whether this type of worker serves web (client or federation) requests, so that it can be injected as a dependency to the reverse-proxy # # Example of what this needs to look like, if you're defining it manually: # matrix_synapse_workers_enabled_list: -# - { type: generic_worker, instanceId: '18111', port: 18111, metrics_port: 19111 } -# - { type: generic_worker, instanceId: '18112', port: 18112, metrics_port: 19112 } -# - { type: generic_worker, instanceId: '18113', port: 18113, metrics_port: 19113 } -# - { type: generic_worker, instanceId: '18114', port: 18114, metrics_port: 19114 } -# - { type: generic_worker, instanceId: '18115', port: 18115, metrics_port: 19115 } -# - { type: generic_worker, instanceId: '18116', port: 18116, metrics_port: 19116 } -# - { type: pusher, instanceId: '0', port: 0, metrics_port: 19200 } -# - { type: appservice, instanceId: '0', port: 0, metrics_port: 19300 } -# - { type: federation_sender, instanceId: '0', port: 0, metrics_port: 19400 } -# - { type: media_repository, instanceId: '18551', port: 18551, metrics_port: 19551 } +# - { 'id': 'generic-worker-0', 'name': 'matrix-synapse-worker-generic-0', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18111, 'metrics_port': 19111, 'webserving': true } +# - { 'id': 'generic-worker-1', 'name': 'matrix-synapse-worker-generic-1', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18112, 'metrics_port': 19112, 'webserving': true } +# - { 'id': 'generic-worker-2', 'name': 'matrix-synapse-worker-generic-2', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18113, 'metrics_port': 19113, 'webserving': true } +# - { 'id': 'generic-worker-3', 'name': 'matrix-synapse-worker-generic-3', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18114, 'metrics_port': 19114, 'webserving': true } +# - { 'id': 'generic-worker-4', 'name': 'matrix-synapse-worker-generic-4', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18115, 'metrics_port': 
19115, 'webserving': true } +# - { 'id': 'generic-worker-5', 'name': 'matrix-synapse-worker-generic-5', 'type': 'generic_worker', 'app': 'generic_worker', 'port': 18116, 'metrics_port': 19116, 'webserving': true } +# - { 'id': 'stream-writer-0-events', 'name': 'matrix-synapse-worker-stream-writer-0-events', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'events', 'port': 0, 'replication_port': 25011, metrics_port: 19111, 'webserving': false } +# - { 'id': 'stream-writer-1-typing', 'name': 'matrix-synapse-worker-stream-writer-1-typing', 'type': 'stream_writer', 'app': 'generic_worker', 'stream_writer_stream': 'typing', 'port': 20012, 'replication_port': 25012, metrics_port: 19112, 'webserving': true } +# - { 'id': 'pusher-0', 'name': 'matrix-synapse-worker-pusher-0', 'type': 'pusher', 'app': 'pusher', 'port': 0, 'metrics_port': 19200, 'webserving': false } +# - { 'id': 'appservice-0', 'name': 'matrix-synapse-worker-appservice-0', 'type': 'appservice', 'port': 0, 'metrics_port': 19300, 'webserving': false } +# - { 'id': 'federation-sender-0', 'name': 'matrix-synapse-worker-federation-sender-0', 'type': 'federation_sender', 'port': 0, 'metrics_port': 19400, 'webserving': false } +# - { 'id': 'media-repository-0', 'name': 'matrix-synapse-worker-media-repository-0', 'type': 'media_repository', 'port': 18551, 'metrics_port': 19551, 'webserving': true } matrix_synapse_workers_enabled_list: [] +# matrix_synapse_instance_map holds the instance map used for mapping worker names (for certain generic workers only!) to where they live (host, port which handles replication traffic). +# This is populated automatically based on `matrix_synapse_workers_enabled_list` during runtime, so you're not required to tweak it manually. +matrix_synapse_instance_map: {} + # Redis information matrix_synapse_redis_enabled: false matrix_synapse_redis_host: "" 
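Review bot: The field list above the example says every worker carries an `app`, but the `appservice-0`, `federation-sender-0` and `media-repository-0` example entries omit it (and the generic-worker entries omit `replication_port`), so anyone who copies the example into `matrix_synapse_workers_enabled_list` presumably ends up with an empty `worker_app` in the rendered worker config; add `'app': 'appservice'`, `'app': 'federation_sender'` and `'app': 'media_repository'` to those lines, or state explicitly which fields are optional. The sentence `type = stream_writer workers are served by the generic_worker type` should read `... served by the generic_worker app`, since the app-versus-type distinction is exactly what that paragraph introduces. Note also that the `stream-writer-0-events` example shows `metrics_port: 19111`, the same port as `generic-worker-0`, mirroring the overlapping range starts defined earlier in this file.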
diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 77696bce..8610a33b 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -8,15 +8,15 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" +- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" when: matrix_synapse_enabled | bool -- name: Ensure systemd services for workers are injected - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml" +- name: Ensure workers are injected into various places + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml" with_items: "{{ matrix_synapse_workers_enabled_list }}" loop_control: loop_var: matrix_synapse_worker_details @@ -65,9 +65,9 @@ matrix_synapse_worker_nginx_metrics_configuration_block: | {% for worker in matrix_synapse_workers_enabled_list %} {% if worker.metrics_port != 0 %} - location /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} { + location /metrics/synapse/worker/{{ worker.id }} { resolver 127.0.0.11 valid=5s; - set $backend "matrix-synapse-worker-{{ worker.type }}-{{ worker.instanceId }}:{{ worker.metrics_port }}"; + set $backend "{{ worker.name }}:{{ worker.metrics_port }}"; proxy_pass http://$backend/_synapse/metrics; proxy_set_header Host $host; } diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 3aa61923..fe613e70 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml 
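Review bot: `worker.id` and `worker.name` are now interpolated straight into the nginx `location /metrics/synapse/worker/{{ worker.id }}` and `set $backend "{{ worker.name }}:..."` directives, and both values may come from a user-maintained `matrix_synapse_workers_enabled_list`, so an id containing a space, `;`, `{` or `#` silently yields a broken or differently-parsed nginx config instead of an Ansible error. Consider validating every entry in `validate_config.yml` (changed in this patch but not shown here) before any template is rendered, e.g. `that: "item.id is match('^[a-zA-Z0-9-]+$') and item.name is match('^[a-zA-Z0-9-]+$')"` with a message naming the offending worker. The same assertion would also catch an id mis-generated by the worker builder tasks early rather than at nginx start.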
+++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml 
@@ -7,18 +7,47 @@ - name: Build generic workers ansible.builtin.set_fact: worker: + id: "generic-worker-{{ item }}" + name: "matrix-synapse-worker-generic-{{ item }}" type: 'generic_worker' - instanceId: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" + app: 'generic_worker' + webserving: true port: "{{ matrix_synapse_workers_generic_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_generic_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_generic_workers" loop: "{{ range(0, matrix_synapse_workers_generic_workers_count | int) | list }}" +- name: Build stream writer workers + ansible.builtin.set_fact: + worker: + id: "stream-writer-{{ item }}-{{ item.stream }}" + # Names must not include understores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up. + name: "matrix-synapse-worker-stream-writer-{{ idx }}-{{ item.stream | replace('_', '-') }}" + type: 'stream_writer' + app: "generic_worker" + webserving: "{{ item.stream in matrix_synapse_workers_webserving_stream_writer_types }}" + stream_writer_stream: "{{ item.stream }}" + port: "{{ matrix_synapse_workers_stream_writer_workers_http_port_range_start + idx }}" + replication_port: "{{ matrix_synapse_workers_stream_writer_workers_replication_port_range_start + idx }}" + metrics_port: "{{ matrix_synapse_workers_stream_writer_workers_metrics_range_start + idx }}" + register: "matrix_synapse_workers_list_results_stream_writer_workers" + loop: "{{ matrix_synapse_workers_stream_writers }}" + loop_control: + index_var: idx + +- name: Populate matrix_synapse_stream_writers from enabled stream writer workers list + ansible.builtin.set_fact: + matrix_synapse_stream_writers: "{{ matrix_synapse_stream_writers | combine ({item.ansible_facts.worker.stream_writer_stream: [item.ansible_facts.worker.name]}) }}" + with_items: "{{ matrix_synapse_workers_list_results_stream_writer_workers.results }}" + - name: Build 
federation sender workers ansible.builtin.set_fact: worker: + id: "federation-sender-{{ item }}" + name: "matrix-synapse-worker-federation-sender-{{ item }}" type: 'federation_sender' - instanceId: "{{ item }}" + app: 'federation_sender' + webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_federation_sender_workers" @@ -28,8 +57,11 @@ - name: Build pusher workers ansible.builtin.set_fact: worker: + id: "pusher-{{ item }}" + name: "matrix-synapse-worker-pusher-{{ item }}" type: 'pusher' - instanceId: "{{ item }}" + app: 'pusher' + webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_pusher_workers" @@ -39,8 +71,11 @@ - name: Build appservice workers ansible.builtin.set_fact: worker: + id: "appservice-{{ item }}" + name: "matrix-synapse-worker-appservice-{{ item }}" type: 'appservice' - instanceId: "{{ item }}" + app: 'appservice' + webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_appservice_workers" @@ -49,8 +84,11 @@ - name: Build media_repository workers ansible.builtin.set_fact: worker: + id: "media-repository-{{ item }}" + name: "matrix-synapse-worker-media-repository-{{ item }}" type: 'media_repository' - instanceId: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" + app: 'media_repository' + webserving: true port: "{{ matrix_synapse_workers_media_repository_workers_port_range_start + item }}" metrics_port: "{{ matrix_synapse_workers_media_repository_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_media_repository_workers" 
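Review bot: In the `Build stream writer workers` task, `id: "stream-writer-{{ item }}-{{ item.stream }}"` renders `item` itself, which is a mapping here (the task loops over `matrix_synapse_workers_stream_writers` and reads `item.stream`), so the id comes out like `stream-writer-{'stream': 'typing'}-typing`, while `name` on the next line correctly uses `idx`. That id is later placed into the nginx `location /metrics/synapse/worker/{{ worker.id }}` path and the Prometheus `metrics_path`, so the rendered nginx config is invalid as soon as a stream writer is enabled. Use the loop index as the name does: `id: "stream-writer-{{ idx }}-{{ item.stream }}"`. The comment above `name` also has a typo: `understores` → `underscores`.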
@@ -62,6 +100,8 @@ {{ matrix_synapse_workers_list_results_generic_workers.results + + matrix_synapse_workers_list_results_stream_writer_workers.results + + matrix_synapse_workers_list_results_federation_sender_workers.results + matrix_synapse_workers_list_results_pusher_workers.results diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml deleted file mode 100644 index 2ecb3f2b..00000000 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_systemd_services_for_worker.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# The tasks below run before `validate_config.yml`. -# To avoid failing with a cryptic error message, we'll do validation here. -# -# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` -# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). -# -# In the future, it should be possible to remove this check. -# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. -- name: Fail if instanceId not defined for worker - ansible.builtin.fail: - msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define an instanceId property (type + instanceId must be unique)" - when: "'instanceId' not in matrix_synapse_worker_details" - -- ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}.service" - -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_systemd_service_name] }}" 
diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
new file mode 100644
index 00000000..4f6b4398
--- /dev/null
+++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
@@ -0,0 +1,65 @@ +--- +# The tasks below run before `validate_config.yml`. +# To avoid failing with a cryptic error message, we'll do validation here. +# +# This check is mostly relevant to people who explicitly define `matrix_synapse_workers_enabled_list` +# (Synapse Workers users from the earlier days of this PR - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456). +# +# In the future, it should be possible to remove this check. +# Our own code which dynamically builds `matrix_synapse_workers_enabled_list` does things right. +- name: Fail if required property not defined for worker + ansible.builtin.fail: + msg: "Synapse workers (like {{ matrix_synapse_worker_details | to_json }}) need to define a `{{ item }}` property" + with_items: + - id + - name + - type + - app + - port + - webserving + when: "item not in matrix_synapse_worker_details" + +# Names are used for container names and systemd services. +# Routing happens based on container names, so Synapse processes that try to route to workers with underscores in the name will complain. Example: +# > InvalidCodepoint Codepoint U+005F at position 46 of 'matrix-synapse-worker-stream-writer-3-account_data' not allowed +- name: Fail if worker name includes underscore + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `name`: `{{ matrix_synapse_worker_details.name }}`. It must not include underscores" + when: "'_' in matrix_synapse_worker_details.name" + +- name: Fail if worker type unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `type`: `{{ matrix_synapse_worker_details.type }}`. Supported types are: {{ matrix_synapse_known_worker_types | join(', ') }}" + when: "matrix_synapse_worker_details.type not in matrix_synapse_known_worker_types" + +- name: Fail if worker app unknown + ansible.builtin.fail: + msg: "Unrecognized Synapse worker `app`: `{{ matrix_synapse_worker_details.app }}`. 
Supported types are: {{ matrix_synapse_workers_avail_list | join(', ') }}" + when: "matrix_synapse_worker_details.app not in matrix_synapse_workers_avail_list" + +- block: + - name: Fail if stream_writer_stream not defined for stream_writer worker + ansible.builtin.fail: + msg: >- + Synapse stream_writer workers (such as {{ item }}) need to define a valid `stream_writer_stream` property + (not `{{ matrix_synapse_worker_details.stream_writer_stream|default('undefined') }}`). + Supported types are: {{ matrix_synapse_workers_known_stream_writer_stream_types | join(', ') }} + when: "'stream_writer_stream' not in matrix_synapse_worker_details or matrix_synapse_worker_details.stream_writer_stream not in matrix_synapse_workers_known_stream_writer_stream_types" + + - name: Fail if replication_port not defined for stream_writer worker + ansible.builtin.fail: + msg: "Synapse background workers of type stream_writer (such as {{ item }}) need to define a valid `replication_port` property" + when: "'replication_port' not in matrix_synapse_worker_details" + when: "matrix_synapse_worker_details.type == 'stream_writer'" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + +- ansible.builtin.set_fact: + matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" + when: matrix_synapse_worker_details.webserving | bool + +# Inject stream writers and various other background workers into the instance map. +- ansible.builtin.set_fact: + matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port}}) }}" + when: matrix_synapse_worker_details.type in matrix_synapse_known_instance_map_eligible_worker_types 
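Review bot: The two `fail` tasks inside the `stream_writer` block interpolate `{{ item }}` in their `msg`, but this file is included per worker with `loop_var: matrix_synapse_worker_details` and these tasks have no loop of their own, so `item` is undefined and the user gets an "'item' is undefined" templating error instead of the clear message the header comment promises; use `{{ matrix_synapse_worker_details | to_json }}` as the first task does. There is also no uniqueness check: `name` becomes the container name, the systemd unit and the `instance_map` key, and two workers sharing a name would silently collapse into one map entry through `combine`. A check beside the underscore one, `when: "matrix_synapse_workers_enabled_list | selectattr('name', 'equalto', matrix_synapse_worker_details.name) | list | length > 1"`, with a message stating that names must be unique, would catch this. Likewise `replication_port` is only tested for presence; a duplicate port across stream writers would only surface when the second container fails to start.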
diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml index d6d4924f..d3f30917 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/setup_files_for_worker.yml @@ -1,13 +1,9 @@ --- - ansible.builtin.set_fact: - matrix_synapse_worker_systemd_service_name: "matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.instanceId }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_systemd_service_name }}" - -- ansible.builtin.set_fact: - matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.type }}_{{ matrix_synapse_worker_details.instanceId }}.yaml" + matrix_synapse_worker_systemd_service_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_container_name: "{{ matrix_synapse_worker_details.name }}" + matrix_synapse_worker_config_file_name: "worker.{{ matrix_synapse_worker_details.name }}.yaml" - name: Ensure configuration exists for {{ matrix_synapse_worker_systemd_service_name }} ansible.builtin.template: diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index bcb71c75..1fc70816 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
@@ -32,6 +32,11 @@ with_items: - "matrix_synapse_workers_pusher_workers_count" - "matrix_synapse_workers_federation_sender_workers_count" + - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" + - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" + - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" + - "matrix_synapse_workers_stream_writer_receipts_stream_workers_count" + - "matrix_synapse_workers_stream_writer_presence_stream_workers_count" - name: (Deprecation) Catch and report renamed settings ansible.builtin.fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 04c4b3cf..86d03be4 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,13 +352,13 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0 %} send_federation: false {% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0 %} enable_media_repo: false {% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list %} +{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0 %} start_pushers: false {% endif %} 
@@ -2870,6 +2870,7 @@ opentracing: # worker1: # host: localhost # port: 8034 +instance_map: {{ matrix_synapse_instance_map | to_json }} # Experimental: When using workers you can define which workers should # handle event persistence and typing notifications. Any worker @@ -2878,6 +2879,7 @@ opentracing: #stream_writers: # events: worker1 # typing: worker1 +stream_writers: {{ matrix_synapse_stream_writers | to_json }} # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. diff --git a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 index b194c3c2..1501697d 100644 --- a/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 +++ b/roles/matrix-synapse/templates/synapse/prometheus/external_prometheus.yml.example.j2 @@ -24,8 +24,8 @@ scrape_configs: job: "master" index: "0" {% for worker in matrix_synapse_workers_enabled_list %} - - job_name: 'synapse-{{ worker.type }}-{{ worker.instanceId }}' - metrics_path: /metrics/synapse/worker/{{ worker.type }}-{{ worker.instanceId }} + - job_name: '{{ worker.name }}' + metrics_path: /metrics/synapse/worker/{{ worker.id }} scheme: {{ 'https' if matrix_nginx_proxy_https_enabled|default(true) else 'http' }} {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|default(true) %} basic_auth: @@ -35,6 +35,7 @@ scrape_configs: static_configs: - targets: ['{{ matrix_server_fqn_matrix }}:{{ matrix_nginx_proxy_container_https_host_bind_port|default(443) if matrix_nginx_proxy_https_enabled|default(true) else matrix_nginx_proxy_container_http_host_bind_port|default(80) }}'] labels: + worker_id: {{ worker.id }} job: "{{ worker.type }}" - index: "{{ worker.instanceId }}" + app: {{ worker.app }} {% endfor %} 
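Review bot: In the `external_prometheus.yml.example.j2` hunk the new labels are emitted unquoted (`worker_id: {{ worker.id }}`, `app: {{ worker.app }}`) while the neighbouring `job: "{{ worker.type }}"` is quoted; any id that renders to something YAML retypes or mis-parses (a leading `{`, a `: ` sequence, a numeric-looking value) would break the generated scrape config. Quote them for consistency: `worker_id: "{{ worker.id }}"` and `app: "{{ worker.app }}"`.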
diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 4a38251d..96b65a0a 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 @@ -43,7 +43,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor {{ arg }} \ {% endfor %} {{ matrix_synapse_docker_image }} \ - run -m synapse.app.{{ matrix_synapse_worker_details.type }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} + run -m synapse.app.{{ matrix_synapse_worker_details.app }} -c /data/homeserver.yaml -c /data/{{ matrix_synapse_worker_config_file_name }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill {{ matrix_synapse_worker_container_name }} 2>/dev/null || true' diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 027114fb..eed50ad1 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -12,7 +12,7 @@ Wants={{ service }} {% if matrix_synapse_workers_enabled %} {% for matrix_synapse_worker_details in matrix_synapse_workers_enabled_list %} -Wants=matrix-synapse-worker-{{ matrix_synapse_worker_details.type }}-{{ matrix_synapse_worker_details.port }}.service +Wants={{ matrix_synapse_worker_details.name }}.service {% endfor %} {% endif %} diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index 33789b0c..c9637a83 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 
@@ -1,27 +1,38 @@ #jinja2: lstrip_blocks: "True" -worker_app: synapse.app.{{ matrix_synapse_worker_details.type }} -worker_name: {{ matrix_synapse_worker_details.type ~ ':' ~ matrix_synapse_worker_details.port }} +worker_app: synapse.app.{{ matrix_synapse_worker_details.app }} +worker_name: {{ matrix_synapse_worker_details.name }} {% if matrix_synapse_replication_listener_enabled %} worker_replication_host: matrix-synapse worker_replication_http_port: {{ matrix_synapse_replication_http_port }} {% endif %} -{% set has_listeners = (matrix_synapse_worker_details.type not in [ 'appservice', 'federation_sender', 'pusher' ] or matrix_synapse_metrics_enabled) %} - {% set http_resources = [] %} -{% if matrix_synapse_worker_details.type in ['generic_worker', 'user_dir'] %} +{% if matrix_synapse_worker_details.type == 'user_dir' %} {% set http_resources = http_resources + ['client'] %} {% endif %} -{% if matrix_synapse_worker_details.type in ['generic_worker'] %} - {% set http_resources = http_resources+ ['federation'] %} +{% if matrix_synapse_worker_details.type == 'generic_worker' %} + {% set http_resources = http_resources + ['client', 'federation'] %} {% endif %} -{% if matrix_synapse_worker_details.type in ['media_repository'] %} +{# + None of the background workers need to handle federation traffic. + Only some of the stream writers need to handle client traffic. +#} +{% if matrix_synapse_worker_details.type == 'stream_writer' and matrix_synapse_worker_details.webserving %} + {% set http_resources = http_resources + ['client'] %} +{% endif %} +{% if matrix_synapse_worker_details.type == 'media_repository' %} {% set http_resources = http_resources + ['media'] %} {% endif %} -{% if http_resources|length > 0 or matrix_synapse_metrics_enabled %} +{% set replication_http_resources = [] %} +{% if matrix_synapse_worker_details.type == 'stream_writer' %} + {# All background workers need to handle replication traffic. 
#} + {% set replication_http_resources = replication_http_resources + ['replication'] %} +{% endif %} + +{% if http_resources|length > 0 or matrix_synapse_metrics_enabled or replication_http_resources|length > 0 %} worker_listeners: {% if http_resources|length > 0 %} - type: http @@ -36,6 +47,13 @@ worker_listeners: bind_addresses: ['0.0.0.0'] port: {{ matrix_synapse_worker_details.metrics_port }} {% endif %} +{% if replication_http_resources|length > 0 %} + - type: http + bind_addresses: ['::'] + port: {{ matrix_synapse_worker_details.replication_port }} + resources: + - names: {{ replication_http_resources|to_json }} +{% endif %} {% endif %} {% if matrix_synapse_worker_details.type == 'generic_worker' %} diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index 2d9b62cf..e8b0e49c 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml 
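Review bot: The comment `All background workers need to handle replication traffic` inside the `type == 'stream_writer'` branch does not match the condition, which adds the `replication` resource only to stream writers (federation sender, pusher and appservice workers get none); narrow it to `{# Stream writers must expose a replication listener so the main process can forward writes to them. #}` or widen the condition. Separately, `matrix_synapse_worker_details.webserving` is tested for truthiness here without `| bool`, whereas `inject_worker.yml` applies `| bool`; a hand-written list entry with `webserving: "false"` is a truthy string and would get a client listener. `and matrix_synapse_worker_details.webserving | bool` keeps the two consistent.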
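Review bot: The new replication listener binds `['::']` on `replication_port` and serves the `replication` resource, which Synapse exposes without authentication; it is only safe while the worker container's port is reachable solely from the internal container network and never published on the host, and nothing in this hunk or the visible service template asserts that. A comment at the listener would at least record the constraint: `{# The replication resource is unauthenticated: this port must stay on the internal container network and must never be published. #}`. Note also that the other listeners in this template bind `'0.0.0.0'` while this one binds `'::'`; on an IPv4-only Docker network the latter may not be reachable from the main process — confirm which address family the playbook's network provides and use the same bind for all listeners.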
@@ -36,3 +36,58 @@ matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_w # matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints. # It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule. matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*' + +# matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints contains the endpoints serviced by the `typing` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream +matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints: + - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing + +# matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints contains the endpoints serviced by the `to_device` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream +matrix_synapse_workers_stream_writer_to_device_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/ + +# matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints contains the endpoints serviced by the `account_data` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream +matrix_synapse_workers_stream_writer_account_data_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/.*/tags + - ^/_matrix/client/(r0|v3|unstable)/.*/account_data + +# matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints contains the endpoints serviced by the `recepts` stream writer. 
+# See: https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream +matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt + - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers + +# matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints contains the endpoints serviced by the `presence` stream writer. +# See: https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream +matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints: + - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ + +# matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes. +# This is used for validation purposes. If adding support for a new type, besides adding it to this list, +# don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc). +matrix_synapse_workers_known_stream_writer_stream_types: ['events', 'typing', 'to_device', 'account_data', 'receipts', 'presence'] + +# matrix_synapse_workers_webserving_stream_writer_types contains a list of stream writer types that serve web (client) requests. +# Not all stream writers serve web requests. Some just perform background tasks. +matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', 'account_data', 'receipts', 'presence'] + +# matrix_synapse_workers_systemd_services_list contains a list of systemd services (one for each worker systemd service which serves web requests). +# This list is built during runtime. +# Not all workers serve web requests. Those that don't won't be injected here. +matrix_synapse_webserving_workers_systemd_services_list: [] + +# matrix_synapse_known_worker_types contains the list of known worker types. +# A worker type is different than a worker app (e.g. `generic_worker`). 
+# For example, the `stream_writer` worker type is served by the `generic_worker` app, but is a separate type that we recognize. +matrix_synapse_known_worker_types: | + {{ + matrix_synapse_workers_avail_list + + + ['stream_writer'] + }} + +# matrix_synapse_known_instance_map_eligible_worker_types contains the list of worker types that are to be injected into `matrix_synapse_instance_map`. +matrix_synapse_known_instance_map_eligible_worker_types: + - stream_writer From ec654ca91ee32dcac5fefd5d750bb6aa4e47896f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 08:13:08 +0300 Subject: [PATCH 32/55] Add support for multiple federation sender workers --- CHANGELOG.md | 8 +++++++- roles/matrix-synapse/defaults/main.yml | 13 +++++++++++-- roles/matrix-synapse/tasks/synapse/workers/init.yml | 7 +++++++ roles/matrix-synapse/tasks/validate_config.yml | 1 - .../templates/synapse/homeserver.yaml.j2 | 5 ++--- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b9b149e..4a1fbb2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,8 @@ People who are interested in running a Synapse worker setup should know that **our Synapse worker implementation is much more powerful now**: -- we've added [Stream writers support](#stream-writers-support) +- we've added support for [Stream writers](#stream-writers-support) +- we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support) - see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) ### Stream writers support 
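Review bot: The header comment for `matrix_synapse_webserving_workers_systemd_services_list` names the wrong variable (`matrix_synapse_workers_systemd_services_list`), which will mislead anyone grepping for the documented name; it should read `# matrix_synapse_webserving_workers_systemd_services_list contains a list of systemd services (one for each worker which serves web requests).`. Two smaller fixes in the same hunk: `recepts` → `receipts` in the receipts-endpoints comment, and the unbalanced backtick in `(see worker.yaml.j2\`, the nginx proxy configuration, etc)`.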
@@ -26,6 +27,11 @@ matrix_synapse_workers_stream_writer_receipts_stream_workers_count: 1 matrix_synapse_workers_stream_writer_presence_stream_workers_count: 1 ``` +### Multiple federation sender workers support + +Until now, we only supported a single `federation_sender` worker (`matrix_synapse_workers_federation_sender_workers_count` could either be `0` or `1`). +From now on, you can have as many as you want to help with your federation traffic. + ### Potential Backward Incompatibilities after these Synapse worker changes Below we'll discuss **potential backward incompatibilities**. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 4213c4f1..6349fa6f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -510,12 +510,21 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 matrix_synapse_workers_appservice_workers_count: 0 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 -# matrix_synapse_workers_federation_sender_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `federation_sender_instances` in `homeserver.yaml` updated. +# matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. # See https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 +# matrix_synapse_federation_sender_instances populates the `federation_sender_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_federation_sender_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_sender_instances: [] + +# matrix_synapse_send_federation controls if theh main Synapse process should send federation traffic. +# This is allowed if workers are disabled, or if there are no federation sender workers. +# Adjusting this value manually is generally not necessary. 
+matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0) }}" + matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}" matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index fe613e70..6ab6784f 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -53,6 +53,13 @@ register: "matrix_synapse_workers_list_results_federation_sender_workers" loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count | int) | list }}" +- name: Populate matrix_synapse_federation_sender_instances from enabled federation sender workers list + ansible.builtin.set_fact: + matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}" + with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}" + +- debug: var="matrix_synapse_federation_sender_instances" + # This type of worker can only have a count of 1, at most - name: Build pusher workers ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 1fc70816..04a04cd5 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
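Review bot: `matrix_synapse_send_federation` looks inverted: its comment says the main process may send federation "if workers are disabled, or if there are no federation sender workers", and the template code this commit removes emitted `send_federation: false` when the list was non-empty, yet the expression returns true when `selectattr('type', 'equalto', 'federation_sender') | list | length > 0`. As written, enabling federation senders leaves the main process sending as well, while a worker setup with zero senders renders `send_federation: false` so nothing sends. The comparison should be `| list | length == 0`. Also `theh` → `the` in the comment.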
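Review bot: The `- debug: var="matrix_synapse_federation_sender_instances"` task in `workers/init.yml` looks like leftover development output: it prints on every run, is unnamed, and uses the short module name while every other task in the hunk uses the `ansible.builtin.` FQCN. Drop it, or if the output is wanted keep it quiet by default: `- ansible.builtin.debug: { var: matrix_synapse_federation_sender_instances, verbosity: 1 }`. The context comment `# This type of worker can only have a count of 1, at most` above `Build pusher workers` is also contradicted by the later commit on this page that allows multiple pusher workers.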
@@ -31,7 +31,6 @@ when: "vars[item]|int > 1" with_items: - "matrix_synapse_workers_pusher_workers_count" - - "matrix_synapse_workers_federation_sender_workers_count" - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 86d03be4..9f6679fc 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -352,9 +352,6 @@ worker_app: synapse.app.homeserver # thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ # reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0 %} -send_federation: false -{% endif %} {% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0 %} enable_media_repo: false {% endif %} @@ -2851,6 +2848,7 @@ opentracing: # Uncomment if using a federation sender worker. # #send_federation: false +send_federation: {{ matrix_synapse_send_federation | to_json }} # It is possible to run multiple federation sender workers, in which case the # work is balanced across them. @@ -2862,6 +2860,7 @@ opentracing: # #federation_sender_instances: # - federation_sender1 +federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }} # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. From 22cf259155e0a3cac5d0d53fd330e7ea028bcf13 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 15 Sep 2022 08:14:47 +0300 Subject: [PATCH 33/55] Put common worker configuration options at the top --- .../templates/synapse/worker.yaml.j2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 index c9637a83..2b0df98d 100644 --- a/roles/matrix-synapse/templates/synapse/worker.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/worker.yaml.j2 @@ -2,11 +2,18 @@ worker_app: synapse.app.{{ matrix_synapse_worker_details.app }} worker_name: {{ matrix_synapse_worker_details.name }} +worker_daemonize: false +worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config + {% if matrix_synapse_replication_listener_enabled %} worker_replication_host: matrix-synapse worker_replication_http_port: {{ matrix_synapse_replication_http_port }} {% endif %} +{% if matrix_synapse_worker_details.type == 'generic_worker' %} +worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} +{% endif %} + {% set http_resources = [] %} {% if matrix_synapse_worker_details.type == 'user_dir' %} @@ -55,10 +62,3 @@ worker_listeners: - names: {{ replication_http_resources|to_json }} {% endif %} {% endif %} - -{% if matrix_synapse_worker_details.type == 'generic_worker' %} -worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }} -{% endif %} - -worker_daemonize: false -worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config From b842447047be77bcf209d9f3ed0609e063b8a192 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 15 Sep 2022 08:32:55 +0300 Subject: [PATCH 34/55] Add support for multiple pusher workers --- CHANGELOG.md | 7 +++++++ roles/matrix-synapse/defaults/main.yml | 19 ++++++++++++++----- .../matrix-synapse/tasks/validate_config.yml | 3 +-- .../templates/synapse/homeserver.yaml.j2 | 6 +++--- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a1fbb2d..90b9b8f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ People who are interested in running a Synapse worker setup should know that **o - we've added support for [Stream writers](#stream-writers-support) - we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support) +- we've added support for [multiple pusher workers](#multiple-pusher-workers-support) - see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) ### Stream writers support @@ -32,6 +33,12 @@ matrix_synapse_workers_stream_writer_presence_stream_workers_count: 1 Until now, we only supported a single `federation_sender` worker (`matrix_synapse_workers_federation_sender_workers_count` could either be `0` or `1`). From now on, you can have as many as you want to help with your federation traffic. +### Multiple pusher workers support + +Until now, we only supported a single `pusher` worker (`matrix_synapse_workers_pusher_workers_count` could either be `0` or `1`). +From now on, you can have as many as you want to help with pushing notifications out. + + ### Potential Backward Incompatibilities after these Synapse worker changes Below we'll discuss **potential backward incompatibilities**. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 6349fa6f..ca84ff38 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -498,12 +498,21 @@ matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011 matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011 matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19111 -# matrix_synapse_workers_pusher_workers_count can only be 0 or 1 for now. -# More instances are not supported due to a playbook limitation having to do with keeping `pusher_instances` in `homeserver.yaml` updated. -# See https://github.com/matrix-org/synapse/commit/ddfdf945064925eba761ae3748e38f3a1c73c328 +# matrix_synapse_workers_pusher_workers_count controls the number of pusher workers (workers who push out notifications) to spawn. +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseapppusher matrix_synapse_workers_pusher_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['pusher_workers_count'] }}" matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 +# matrix_synapse_federation_pusher_instances populates the `pusher_instances` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# What you see below is an initial default value which will be adjusted at runtime based on the value of `matrix_synapse_workers_pusher_workers_count` or `matrix_synapse_workers_enabled_list`. +# Adjusting this value manually is generally not necessary. +matrix_synapse_federation_pusher_instances: [] + +# matrix_synapse_start_pushers controls if theh main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). +# This is allowed if workers are disabled, or if there are no pusher workers. +# Adjusting this value manually is generally not necessary. 
+matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0) }}" + # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. # appservice workers are deprecated since Synapse v1.59. This will be removed. # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types @@ -511,7 +520,7 @@ matrix_synapse_workers_appservice_workers_count: 0 matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 # matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. -# See https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappfederation_sender +# See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 
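Review bot: The expression added for `matrix_synapse_start_pushers` is the opposite of what its own comment describes: it evaluates to true when a `pusher` worker is present in `matrix_synapse_workers_enabled_list` (`length > 0`), whereas the comment says the main process should push only "if there are no pusher workers", and the template lines this commit removes from homeserver.yaml.j2 set `start_pushers: false` precisely when such a worker exists. With a pusher worker enabled the main process would therefore keep `start_pushers: true` alongside the worker (or Synapse would reject the combination; either way it is not what the comment promises), so I'd expect `matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}"`. The context line for `matrix_synapse_send_federation` in the next hunk carries the same `length > 0`, and so does `matrix_synapse_enable_media_repo` introduced in the later "Relocate enable_media_repo" commit; all three should be checked together. Separately, `matrix_synapse_federation_pusher_instances` keeps the `federation_` prefix copied from `matrix_synapse_federation_sender_instances` although it feeds `pusher_instances`; a name such as `matrix_synapse_pusher_instances` would read less misleadingly.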
@@ -520,7 +529,7 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_sender_instances: [] -# matrix_synapse_send_federation controls if theh main Synapse process should send federation traffic. +# matrix_synapse_send_federation controls if theh main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). # This is allowed if workers are disabled, or if there are no federation sender workers. # Adjusting this value manually is generally not necessary. matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0) }}" diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 04a04cd5..faab7daa 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -12,7 +12,7 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" -- name: Fail if asking to configure deprecaed workers (appservice, userdir) +- name: Fail if asking to configure deprecated workers (appservice, userdir) ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 0. @@ -30,7 +30,6 @@ `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" with_items: - - "matrix_synapse_workers_pusher_workers_count" - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9f6679fc..5e60f1c0 100644 
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -355,9 +355,6 @@ worker_app: synapse.app.homeserver {% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0 %} enable_media_repo: false {% endif %} -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0 %} -start_pushers: false -{% endif %} daemonize: false {% endif %} @@ -2862,6 +2859,9 @@ send_federation: {{ matrix_synapse_send_federation | to_json }} # - federation_sender1 federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }} +pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }} +start_pushers: {{ matrix_synapse_start_pushers | to_json }} + # When using workers this should be a map from `worker_name` to the # HTTP replication listener of the worker, if configured. # From 8cd7c1ec2f85d80659f33fe7334f4a4ddfd34ac4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 08:37:19 +0300 Subject: [PATCH 35/55] Relocate enable_media_repo and make it configurable via matrix_synapse_enable_media_repo .. although.. manual configuration is discouraged in most cases. --- roles/matrix-synapse/defaults/main.yml | 11 ++++++++--- .../templates/synapse/homeserver.yaml.j2 | 8 +------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ca84ff38..05cd767a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -508,8 +508,8 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_pusher_instances: [] -# matrix_synapse_start_pushers controls if theh main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). -# This is allowed if workers are disabled, or if there are no pusher workers. +# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`). +# This is enabled if workers are disabled, or if there are no pusher workers. # Adjusting this value manually is generally not necessary. matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0) }}" @@ -529,7 +529,7 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400 # Adjusting this value manually is generally not necessary. matrix_synapse_federation_sender_instances: [] -# matrix_synapse_send_federation controls if theh main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). +# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`). # This is allowed if workers are disabled, or if there are no federation sender workers. # Adjusting this value manually is generally not necessary. matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0) }}" 
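Review bot: The second hunk fixes `theh` but leaves the next line as `This is allowed if workers are disabled, or if there are no federation sender workers.`, while the first hunk rewords the parallel pusher comment from "allowed" to "enabled". The two blocks are deliberately mirrored (and the `matrix_synapse_enable_media_repo` comment added in the following hunk also says "enabled"), so the federation sender line should match: `# This is enabled if workers are disabled, or if there are no federation sender workers.`.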
@@ -538,6 +538,11 @@ matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_worker matrix_synapse_workers_media_repository_workers_port_range_start: 18551 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 +# matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`). +# This is enabled if workers are disabled, or if there are no media repository workers. +# Adjusting this value manually is generally not necessary. +matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) }}" + # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. # user_dir workers are deprecated since Synapse v1.59. This will be removed. # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 5e60f1c0..a635559f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -349,13 +349,6 @@ listeners: # c.f. https://github.com/matrix-org/synapse/tree/master/contrib/systemd-with-workers/README.md worker_app: synapse.app.homeserver - -# thx https://oznetnerd.com/2017/04/18/jinja2-selectattr-filter/ -# reduce the main worker's offerings to core homeserver business -{% if matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0 %} -enable_media_repo: false -{% endif %} - daemonize: false {% endif %} 
@@ -1017,6 +1010,7 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_ # following if you are using a separate media store worker. # #enable_media_repo: false +enable_media_repo: {{ matrix_synapse_enable_media_repo | to_json }} # Directory where uploaded images and attachments are stored. # From 5f3f460cda5653232087c146b4cd0fa74dff1c96 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 10:00:57 +0300 Subject: [PATCH 36/55] Restore support for appservice and user_dir workers --- CHANGELOG.md | 25 +++++++++++- group_vars/matrix_servers | 2 +- .../nginx/conf.d/matrix-synapse.conf.j2 | 5 ++- roles/matrix-synapse/defaults/main.yml | 38 ++++++++++--------- .../tasks/synapse/workers/init.yml | 20 ++++++++-- .../synapse/workers/util/inject_worker.yml | 2 +- .../matrix-synapse/tasks/validate_config.yml | 14 +------ .../templates/synapse/homeserver.yaml.j2 | 8 ++++ roles/matrix-synapse/vars/main.yml | 23 +++++++++-- roles/matrix-synapse/vars/workers.yml | 4 +- 10 files changed, 100 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90b9b8f7..37032735 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,12 +1,14 @@ # 2022-09-15 -## (Potential Backward Compatibility Break) Major changes to Synapse workers +## (Potential Backward Compatibility Break) Major improvements to Synapse workers People who are interested in running a Synapse worker setup should know that **our Synapse worker implementation is much more powerful now**: - we've added support for [Stream writers](#stream-writers-support) - we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support) - we've added support for [multiple pusher workers](#multiple-pusher-workers-support) +- we've restored support for [`appservice` workers](#appservice-worker-support-is-back) +- we've restored support for [`user_dir` workers](#user-directory-worker-support-is-back) - see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) ### Stream writers support 
@@ -38,6 +40,25 @@ From now on, you can have as many as you want to help with your federation traff Until now, we only supported a single `pusher` worker (`matrix_synapse_workers_pusher_workers_count` could either be `0` or `1`). From now on, you can have as many as you want to help with pushing notifications out. +### Appservice worker support is back + +We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. + +The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services. +From now on, we have support for this. + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `appserice` worker automatically. +You can also control the `appserice` workers count with `matrix_synapse_workers_appserice_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. + +### User Directory worker support is back + +We previously had a `user_dir` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. + +The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of serving the user directory. +From now on, we have support for this. + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `user_dir` worker automatically. +You can also control the `user_dir` workers count with `matrix_synapse_workers_user_dir_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. ### Potential Backward Incompatibilities after these Synapse worker changes 
@@ -45,6 +66,8 @@ Below we'll discuss **potential backward incompatibilities**. - **Worker names** (container names, systemd services, worker configuration files) **have changed**. Workers are now labeled sequentially (e.g. `matrix-synapse-worker_generic_worker-18111` -> `matrix-synapse-worker-generic-0`). The playbook will handle these changes automatically. +- Due to increased worker types support above, people who use `matrix_synapse_workers_preset: one-of-each` should be aware that with these changes, **the playbook will deploy 8 additional workers** (6 stream writers, 1 `appservice` worker, 1 `user_dir` worker). This **may increase RAM/CPU usage**, etc. If you find your server struggling, consider disabling some workers with the appropriate `matrix_synapse_workers_*_workers_count` variables. + - **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. **If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though. - **the format of `matrix_synapse_workers_enabled_list` has changed**. 
You were never advised to use this variable for directly creating workers (we advise people to control workers using `matrix_synapse_workers_preset` or by tweaking `matrix_synapse_workers_*_workers_count` variables only), but some people may have started using the `matrix_synapse_workers_enabled_list` variable to gain more control over workers. If you're one of them, you'll need to adjust its value. See `roles/matrix-synapse/defaults/main.yml` for more information on the new format. The playbook will also do basic validation and complain if you got something wrong. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e891a3d9..78d1ed68 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1766,7 +1766,7 @@ matrix_nginx_proxy_synapse_stream_writer_account_data_stream_worker_client_serve matrix_nginx_proxy_synapse_stream_writer_receipts_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_stream_writer_presence_stream_worker_client_server_locations: "{{ matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints }}" matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}" -matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}" +matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}" matrix_nginx_proxy_systemd_wanted_services_list: | {{ diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index bbce7462..488ced5a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -133,8 +133,9 @@ server { {% endif %} {% if user_dir_workers | length > 0 %} - # FIXME: obsolete if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set - # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappuser_dir + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + # If matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled is set, requests may not reach here, + # but could be captured early on (see `matrix-domain.conf.j2`) and forwarded elsewhere (to an identity server, etc.). {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_user_dir_locations, 'user_dir_workers_upstream') }} {% endif %} {# Workers redirects END #} diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 05cd767a..7f6ce40f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -394,9 +394,9 @@ matrix_synapse_workers_presets: little-federation-helper: generic_workers_count: 0 pusher_workers_count: 0 - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 0 + appservice_workers_count: 0 user_dir_workers_count: 0 stream_writer_events_stream_workers_count: 0 stream_writer_typing_stream_workers_count: 0 
@@ -407,14 +407,10 @@ matrix_synapse_workers_presets: one-of-each: generic_workers_count: 1 pusher_workers_count: 1 - # appservice workers are deprecated since Synapse v1.59. This will be removed. - appservice_workers_count: 0 federation_sender_workers_count: 1 media_repository_workers_count: 1 - # Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. - # user_dir workers are deprecated since Synapse v1.59. This will be removed. - # See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - user_dir_workers_count: 0 + appservice_workers_count: 1 + user_dir_workers_count: 1 stream_writer_events_stream_workers_count: 1 stream_writer_typing_stream_workers_count: 1 stream_writer_to_device_stream_workers_count: 1 @@ -513,12 +509,6 @@ matrix_synapse_federation_pusher_instances: [] # Adjusting this value manually is generally not necessary. matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0) }}" -# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. -# appservice workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_appservice_workers_count: 0 -matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 - # matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn. # See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}" 
@@ -543,13 +533,27 @@ matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551 # Adjusting this value manually is generally not necessary. matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) }}" -# Disabled until https://github.com/matrix-org/synapse/issues/8787 is resolved. -# user_dir workers are deprecated since Synapse v1.59. This will be removed. -# See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types -matrix_synapse_workers_user_dir_workers_count: 0 +# matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported. +# appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). +# Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option. +matrix_synapse_workers_appservice_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['appservice_workers_count'] }}" +matrix_synapse_workers_appservice_workers_metrics_range_start: 19300 + +# matrix_synapse_notify_appservices_from_worker populates the `notify_appservices_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `notify_appservices_from_worker` is meant to point to a worker, which is dedicated to sending output traffic to Application Services. 
+matrix_synapse_notify_appservices_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'appservice') | list | length > 0) else '' }}" + +# matrix_synapse_workers_user_dir_workers_count can only be 0 or 1. More instances are not supported. +# user_dir workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). +# Our implementation uses generic worker services and assigns them to perform appservice work using the `update_user_directory_from_worker` Synapse option. +matrix_synapse_workers_user_dir_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['user_dir_workers_count'] }}" matrix_synapse_workers_user_dir_workers_port_range_start: 18661 matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661 +# matrix_synapse_update_user_directory_from_worker populates the `update_user_directory_from_worker` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`). +# `update_user_directory_from_worker` is meant to point to a worker, which is dedicated to updating the user directory and servicing some user directory URL endpoints (`matrix_synapse_workers_user_dir_worker_client_server_endpoints`). +matrix_synapse_update_user_directory_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list | length > 0) else '' }}" + # Default list of workers to spawn. # # Unless you populate this manually, this list is dynamically generated 
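Review bot: The comment above `matrix_synapse_workers_user_dir_workers_count` was copied from the appservice block and still says the workers are assigned "to perform appservice work using the `update_user_directory_from_worker` Synapse option"; it should read `# Our implementation uses generic worker services and assigns them to perform user directory work using the update_user_directory_from_worker Synapse option.`. The `[0].name` lookups in both `*_from_worker` expressions are guarded by the `length > 0` test in the same expression, and the empty-string fallback is what the `!= ''` checks in homeserver.yaml.j2 key on, so a one-line note that `''` means "not delegated to a worker" would help readers who only see this file. This hunk starts on the previous line.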
diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 6ab6784f..c5a53297 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -58,8 +58,6 @@ matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}" with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}" -- debug: var="matrix_synapse_federation_sender_instances" - # This type of worker can only have a count of 1, at most - name: Build pusher workers ansible.builtin.set_fact: @@ -81,13 +79,27 @@ id: "appservice-{{ item }}" name: "matrix-synapse-worker-appservice-{{ item }}" type: 'appservice' - app: 'appservice' + app: 'generic_worker' webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_appservice_workers_metrics_range_start + item }}" register: "matrix_synapse_workers_list_results_appservice_workers" loop: "{{ range(0, matrix_synapse_workers_appservice_workers_count | int) | list }}" +# This type of worker can only have a count of 1, at most +- name: Build user_dir workers + ansible.builtin.set_fact: + worker: + id: "user-dir-{{ item }}" + name: "matrix-synapse-worker-user-dir-{{ item }}" + type: 'user_dir' + app: 'generic_worker' + webserving: true + port: "{{ matrix_synapse_workers_user_dir_workers_port_range_start + item }}" + metrics_port: "{{ matrix_synapse_workers_user_dir_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_user_dir_workers" + loop: "{{ range(0, matrix_synapse_workers_user_dir_workers_count | int) | list }}" + - name: Build media_repository workers ansible.builtin.set_fact: worker: 
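Review bot: Both new worker definitions use `app: 'generic_worker'` while keeping `type: 'appservice'` / `type: 'user_dir'`, yet worker.yaml.j2 (see the earlier "Put common worker configuration options at the top" hunk) emits `worker_main_http_uri` only when `matrix_synapse_worker_details.type == 'generic_worker'`, so neither of these workers will receive it. That is presumably harmless for the user directory search endpoint and for an appservice worker with `webserving: false`, but if that template test was meant to cover every instance of the generic worker app it should compare `matrix_synapse_worker_details.app` instead; worth confirming. A short comment on each `app: 'generic_worker'` line, e.g. `# generic_worker app dedicated to this role via notify_appservices_from_worker / update_user_directory_from_worker`, would explain why `type` and `app` differ here.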
@@ -115,6 +127,8 @@ + matrix_synapse_workers_list_results_appservice_workers.results + + matrix_synapse_workers_list_results_user_dir_workers.results + + matrix_synapse_workers_list_results_media_repository_workers.results }} diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml index 4f6b4398..0a52db32 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml @@ -59,7 +59,7 @@ matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}" when: matrix_synapse_worker_details.webserving | bool -# Inject stream writers and various other background workers into the instance map. +# Inject stream writers into the instance map. - ansible.builtin.set_fact: matrix_synapse_instance_map: "{{ matrix_synapse_instance_map | combine({matrix_synapse_worker_details.name: {'host': matrix_synapse_worker_details.name, 'port': matrix_synapse_worker_details.replication_port}}) }}" when: matrix_synapse_worker_details.type in matrix_synapse_known_instance_map_eligible_worker_types diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index faab7daa..f6b1fe68 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
@@ -12,24 +12,14 @@ - "matrix_synapse_database_password" - "matrix_synapse_database_database" -- name: Fail if asking to configure deprecated workers (appservice, userdir) - ansible.builtin.fail: - msg: >- - `{{ item }}` cannot be more than 0. - This type of worker has been deprecated since Synapse v1.59. - Please remove your `{{ item }}` configuration to solve this problem. - See: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types - when: "vars[item]|int != 0" - with_items: - - "matrix_synapse_workers_appservice_workers_count" - - "matrix_synapse_workers_user_dir_workers_count" - - name: Fail if asking for more than 1 instance of single-instance workers ansible.builtin.fail: msg: >- `{{ item }}` cannot be more than 1. This is a single-instance worker. when: "vars[item]|int > 1" with_items: + - "matrix_synapse_workers_appservice_workers_count" + - "matrix_synapse_workers_user_dir_workers_count" - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index a635559f..ef8684ab 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2874,6 +2874,14 @@ instance_map: {{ matrix_synapse_instance_map | to_json }} # typing: worker1 stream_writers: {{ matrix_synapse_stream_writers | to_json }} +{% if matrix_synapse_notify_appservices_from_worker != '' %} +notify_appservices_from_worker: {{ matrix_synapse_notify_appservices_from_worker | to_json }} +{% endif %} + +{% if matrix_synapse_update_user_directory_from_worker != '' %} +update_user_directory_from_worker: {{ matrix_synapse_update_user_directory_from_worker | to_json }} +{% endif %} + # The worker that is used to run background tasks (e.g. cleaning up expired # data). If not provided this defaults to the main process. # diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index e8b0e49c..2dc00fea 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -64,6 +64,11 @@ matrix_synapse_workers_stream_writer_receipts_stream_worker_client_server_endpoi matrix_synapse_workers_stream_writer_presence_stream_worker_client_server_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ +# matrix_synapse_workers_user_dir_worker_client_server_endpoints contains the endpoints serviced by the `type = user_dir` (`app = generic_worker`) worker. +# See: https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory +matrix_synapse_workers_user_dir_worker_client_server_endpoints: + - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + # matrix_synapse_workers_known_stream_writer_stream_types contains the list of stream writer stream types that the playbook recognizes. # This is used for validation purposes. If adding support for a new type, besides adding it to this list, # don't forget to actually configure it where appropriate (see worker.yaml.j2`, the nginx proxy configuration, etc). 
@@ -79,13 +84,25 @@ matrix_synapse_workers_webserving_stream_writer_types: ['typing', 'to_device', ' matrix_synapse_webserving_workers_systemd_services_list: [] # matrix_synapse_known_worker_types contains the list of known worker types. +# # A worker type is different than a worker app (e.g. `generic_worker`). # For example, the `stream_writer` worker type is served by the `generic_worker` app, but is a separate type that we recognize. +# +# Some other types (`appservice` and `user_dir`) used to be Synapse worker apps, which got subsequently deprecated. +# We still allow these types of workers and map them to the `generic_worker` app, +# which is why we make sure they're part of the list below. +# We use the `unique` filter because they're part of `matrix_synapse_workers_avail_list` too (for now; scheduled for removal). matrix_synapse_known_worker_types: | {{ - matrix_synapse_workers_avail_list - + - ['stream_writer'] + ( + matrix_synapse_workers_avail_list + + + ['stream_writer'] + + + ['appservice'] + + + ['user_dir'] + ) | unique }} # matrix_synapse_known_instance_map_eligible_worker_types contains the list of worker types that are to be injected into `matrix_synapse_instance_map`. diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 3f34bcb2..bc49e835 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -90,7 +90,9 @@ matrix_synapse_workers_generic_worker_endpoints: # - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/ # User directory search requests - - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ + # Any worker can handle these, but we have a dedicated user_dir worker for this, + # so we'd like for other generic workers to not try and capture these requests. + # - ^/_matrix/client/(r0|v3|unstable)/user_directory/search$ # Additionally, the following REST endpoints can be handled for GET requests: 
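Review bot: In the workers.yml hunk the `^/_matrix/client/(r0|v3|unstable)/user_directory/search$` route is removed from the generic-worker list unconditionally, not only when a `user_dir` worker exists. If the nginx locations are generated from this list (that wiring is outside the hunk), a deployment with `matrix_synapse_workers_user_dir_workers_count: 0` and several generic workers now sends directory searches to the main process instead of load-balancing them across the generic workers, a regression for that configuration compared with the previous line. Consider keeping the entry and excluding it at the point where `matrix_synapse_workers_user_dir_worker_client_server_endpoints` is merged in, so the route follows the presence of the dedicated worker rather than a comment; the replacement comment could then say `# Served by the dedicated user_dir worker when one is enabled; otherwise generic workers handle it.`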
From a1fb0826183af614c277430f257bfcc729026d53 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 10:32:51 +0300 Subject: [PATCH 37/55] Add support for running background tasks on a worker --- CHANGELOG.md | 10 +++++++++- roles/matrix-synapse/defaults/main.yml | 11 +++++++++++ .../tasks/synapse/workers/init.yml | 16 ++++++++++++++++ roles/matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 3 +++ roles/matrix-synapse/vars/main.yml | 2 ++ 6 files changed, 42 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37032735..06cac7a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ People who are interested in running a Synapse worker setup should know that **o - we've added support for [Stream writers](#stream-writers-support) - we've added support for [multiple federation sender workers](#multiple-federation-sender-workers-support) - we've added support for [multiple pusher workers](#multiple-pusher-workers-support) +- we've added support for [running background tasks on a worker](#background-tasks-can-run-on-a-worker) - we've restored support for [`appservice` workers](#appservice-worker-support-is-back) - we've restored support for [`user_dir` workers](#user-directory-worker-support-is-back) - see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes) 
@@ -40,6 +41,13 @@ From now on, you can have as many as you want to help with your federation traff Until now, we only supported a single `pusher` worker (`matrix_synapse_workers_pusher_workers_count` could either be `0` or `1`). From now on, you can have as many as you want to help with pushing notifications out. +### Background tasks can run on a worker + +From now on, you can put [background task processing on a worker](https://matrix-org.github.io/synapse/latest/workers.html#background-tasks). + +With `matrix_synapse_workers_preset: one-of-each`, you'll get one `background` worker automatically. +You can also control the `background` workers count with `matrix_synapse_workers_background_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. + ### Appservice worker support is back We previously had an `appservice` worker type, which [Synapse deprecated in v1.59.0](https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types). So did we, at the time. 
@@ -66,7 +74,7 @@ Below we'll discuss **potential backward incompatibilities**. - **Worker names** (container names, systemd services, worker configuration files) **have changed**. Workers are now labeled sequentially (e.g. `matrix-synapse-worker_generic_worker-18111` -> `matrix-synapse-worker-generic-0`). The playbook will handle these changes automatically. -- Due to increased worker types support above, people who use `matrix_synapse_workers_preset: one-of-each` should be aware that with these changes, **the playbook will deploy 8 additional workers** (6 stream writers, 1 `appservice` worker, 1 `user_dir` worker). This **may increase RAM/CPU usage**, etc. If you find your server struggling, consider disabling some workers with the appropriate `matrix_synapse_workers_*_workers_count` variables. +- Due to increased worker types support above, people who use `matrix_synapse_workers_preset: one-of-each` should be aware that with these changes, **the playbook will deploy 9 additional workers** (6 stream writers, 1 `appservice` worker, 1 `user_dir` worker, 1 background task worker). This **may increase RAM/CPU usage**, etc. If you find your server struggling, consider disabling some workers with the appropriate `matrix_synapse_workers_*_workers_count` variables. - **Metric endpoints have also changed** (`/metrics/synapse/worker/generic_worker-18111` -> `/metrics/synapse/worker/generic-worker-0`). If you're [collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server), consider revisiting our [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server) docs and updating your Prometheus configuration. 
**If you're collecting metrics to the integrated Prometheus server** (not enabled by default), **your Prometheus configuration will be updated automatically**. Old data (from before this change) may stick around though. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 7f6ce40f..672285cc 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -398,6 +398,7 @@ matrix_synapse_workers_presets: media_repository_workers_count: 0 appservice_workers_count: 0 user_dir_workers_count: 0 + background_workers_count: 0 stream_writer_events_stream_workers_count: 0 stream_writer_typing_stream_workers_count: 0 stream_writer_to_device_stream_workers_count: 0 @@ -411,6 +412,7 @@ matrix_synapse_workers_presets: media_repository_workers_count: 1 appservice_workers_count: 1 user_dir_workers_count: 1 + background_workers_count: 1 stream_writer_events_stream_workers_count: 1 stream_writer_typing_stream_workers_count: 1 stream_writer_to_device_stream_workers_count: 1 
@@ -554,6 +556,15 @@ matrix_synapse_workers_user_dir_workers_metrics_range_start: 19661
 # `update_user_directory_from_worker` is meant to point to a worker, which is dedicated to updating the user directory and servicing some user directory URL endpoints (`matrix_synapse_workers_user_dir_worker_client_server_endpoints`).
 matrix_synapse_update_user_directory_from_worker: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'user_dir') | list | length > 0) else '' }}"
+# matrix_synapse_workers_background_workers_count can only be 0 or 1. More instances are not supported.
+# Our implementation uses a generic worker and assigns Synapse to perform background work on this worker using the `run_background_tasks_on` Synapse option.
+matrix_synapse_workers_background_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['background_workers_count'] }}"
+matrix_synapse_workers_background_workers_metrics_range_start: 19700
+
+# matrix_synapse_run_background_tasks_on populates the `run_background_tasks_on` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
+# `run_background_tasks_on` is meant to point to a worker, which is dedicated to processing background tasks.
+matrix_synapse_run_background_tasks_on: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list | length > 0) else '' }}"
+
 # Default list of workers to spawn.
 #
 # Unless you populate this manually, this list is dynamically generated
diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml
index c5a53297..0c2b8a79 100644
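Review bot: The "0 or 1" limit stated in the comment on `matrix_synapse_workers_background_workers_count` is enforced only on that count variable (the validate_config.yml hunk of this commit), while `matrix_synapse_run_background_tasks_on` silently takes `[0].name` from `matrix_synapse_workers_enabled_list`, which the trailing comment says may be populated manually. A hand-written list with two `background` workers therefore renders a plausible `run_background_tasks_on` while the second worker runs none of the work it was named for, with no error anywhere. An assertion on the list itself would close that gap, e.g. `when: "(matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'background') | list | length) > 1"` in validate_config.yml; the same applies to the `user_dir` and `appservice` selections above this hunk.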
--- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml @@ -100,6 +100,20 @@ register: "matrix_synapse_workers_list_results_user_dir_workers" loop: "{{ range(0, matrix_synapse_workers_user_dir_workers_count | int) | list }}" +# This type of worker can only have a count of 1, at most +- name: Build background workers + ansible.builtin.set_fact: + worker: + id: "background-{{ item }}" + name: "matrix-synapse-worker-background-{{ item }}" + type: 'background' + app: 'generic_worker' + webserving: false + port: 0 + metrics_port: "{{ matrix_synapse_workers_background_workers_metrics_range_start + item }}" + register: "matrix_synapse_workers_list_results_background_workers" + loop: "{{ range(0, matrix_synapse_workers_background_workers_count | int) | list }}" + - name: Build media_repository workers ansible.builtin.set_fact: worker: @@ -130,6 +144,8 @@ matrix_synapse_workers_list_results_user_dir_workers.results + matrix_synapse_workers_list_results_media_repository_workers.results + + + matrix_synapse_workers_list_results_background_workers.results }} - ansible.builtin.set_fact: diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index f6b1fe68..79e58154 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -20,6 +20,7 @@ with_items: - "matrix_synapse_workers_appservice_workers_count" - "matrix_synapse_workers_user_dir_workers_count" + - "matrix_synapse_workers_background_workers_count" - "matrix_synapse_workers_stream_writer_typing_stream_workers_count" - "matrix_synapse_workers_stream_writer_to_device_stream_workers_count" - "matrix_synapse_workers_stream_writer_account_data_stream_workers_count" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index ef8684ab..e330617f 100644 
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2886,6 +2886,9 @@ update_user_directory_from_worker: {{ matrix_synapse_update_user_directory_from_ # data). If not provided this defaults to the main process. # #run_background_tasks_on: worker1 +{% if matrix_synapse_run_background_tasks_on != '' %} +run_background_tasks_on: {{ matrix_synapse_run_background_tasks_on | to_json }} +{% endif %} # A shared secret used by the replication APIs to authenticate HTTP requests # from workers. diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index 2dc00fea..b403b461 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -102,6 +102,8 @@ matrix_synapse_known_worker_types: | ['appservice'] + ['user_dir'] + + + ['background'] ) | unique }} From 8887aed500db8f0cc9de30170e9d272d029d14b8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 10:34:02 +0300 Subject: [PATCH 38/55] Do not add federation_sender_instances/pusher_instances configuration if not necessary This keeps the configuration cleaner and hopefully prevents odd issues if Synapse (by any chance) happens to interpret `pusher_instances: []` as "no pushers", instead of as "push from the master process". I haven't confirmed what an empty pushers/federation-senders list means, so it's safer to just avoid it. --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e330617f..3cd76bf9 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -2851,9 +2851,13 @@ send_federation: {{ matrix_synapse_send_federation | to_json }}
 #
 #federation_sender_instances:
 # - federation_sender1
+{% if matrix_synapse_federation_sender_instances | length > 0 %}
 federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }}
+{% endif %}
+{% if matrix_synapse_federation_pusher_instances | length > 0 %}
 pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }}
+{% endif %}
 start_pushers: {{ matrix_synapse_start_pushers | to_json }}
 # When using workers this should be a map from `worker_name` to the
From 109e1addb882304a4fa31db7ae253a72c1c867a8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 10:45:03 +0300 Subject: [PATCH 39/55] Improve reliability when using more than 1 media_repository worker --- CHANGELOG.md | 8 ++++++++ roles/matrix-synapse/defaults/main.yml | 5 +++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++++ 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 06cac7a7..95356d8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ People who are interested in running a Synapse worker setup should know that **o
 - we've added support for [running background tasks on a worker](#background-tasks-can-run-on-a-worker)
 - we've restored support for [`appservice` workers](#appservice-worker-support-is-back)
 - we've restored support for [`user_dir` workers](#user-directory-worker-support-is-back)
+- we've made it possible to [reliably use more than 1 `media_repository` worker](#using-more-than-1-media-repository-worker-is-now-more-reliable)
 - see the [Potential Backward Incompatibilities after these Synapse worker changes](#potential-backward-incompatibilities-after-these-synapse-worker-changes)
 ### Stream writers support
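Review bot: `start_pushers` (and `send_federation` in the hunk's function context) is still rendered unconditionally from a boolean that, at this commit, is inverted relative to the instance lists this hunk now branches on: `matrix_synapse_start_pushers` and `matrix_synapse_send_federation` in defaults/main.yml evaluate to true exactly when such workers exist, which PATCH 41 later in this series corrects. Until then the rendered file pairs a non-empty `pusher_instances` with `start_pushers: true`, which presumably has both the main process and the pusher workers delivering notifications. Since the template already keys on the lists, deriving the booleans from the same lists here, e.g. `start_pushers: {{ (matrix_synapse_federation_pusher_instances | length == 0) | to_json }}`, would make the two halves impossible to desynchronise, at the cost of the separate override variable. The commit message's uncertainty about what an empty list means is worth resolving against the Synapse docs and recording in a comment above the guards.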
@@ -68,6 +69,13 @@ From now on, we have support for this. With `matrix_synapse_workers_preset: one-of-each`, you'll get one `user_dir` worker automatically. You can also control the `user_dir` workers count with `matrix_synapse_workers_user_dir_workers_count`. Only `0` or `1` workers of this type are supported by Synapse. +### Using more than 1 media repository worker is now more reliable + +With `matrix_synapse_workers_preset: one-of-each`, we only launch one `media_repository` worker. + +If you've been configuring `matrix_synapse_workers_media_repository_workers_count` manually, you may have increased that to more workers. +When multiple media repository workers are in use, background tasks related to the media repository must always be configured to run on a single `media_repository` worker via `media_instance_running_background_jobs`. Until now, we weren't doing this correctly, but we now are. + ### Potential Backward Incompatibilities after these Synapse worker changes Below we'll discuss **potential backward incompatibilities**. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 672285cc..dab098fb 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -535,6 +535,11 @@ matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
 # Adjusting this value manually is generally not necessary.
 matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) }}"
+# matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
+# `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository.
+# Multiple `media_repository` workers may be enabled. We always pick the first one as the background tasks worker.
+matrix_synapse_media_instance_running_background_jobs: "{{ (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list)[0].name if (matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) else '' }}"
+
 # matrix_synapse_workers_appservice_workers_count can only be 0 or 1. More instances are not supported.
 # appservice workers were deprecated since Synapse v1.59 (see: https://github.com/matrix-org/synapse/blob/v1.59.0/docs/upgrade.md#deprecation-of-the-synapseappappservice-and-synapseappuser_dir-worker-application-types).
 # Our implementation uses generic worker services and assigns them to perform appservice work using the `notify_appservices_from_worker` Synapse option.
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 3cd76bf9..ae71b7ae 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2894,6 +2894,10 @@ update_user_directory_from_worker: {{ matrix_synapse_update_user_directory_from_
 run_background_tasks_on: {{ matrix_synapse_run_background_tasks_on | to_json }}
 {% endif %}
+{% if matrix_synapse_media_instance_running_background_jobs != '' %}
+media_instance_running_background_jobs: {{ matrix_synapse_media_instance_running_background_jobs | to_json }}
+{% endif %}
+
 # A shared secret used by the replication APIs to authenticate HTTP requests
 # from workers.
 #
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
index 488ced5a..1d6f2106 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
@@ -81,7 +81,7 @@ server {
 {# Workers redirects BEGIN #}
 {% if generic_workers | length > 0 %}
- # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
 {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_client_server_locations, 'generic_workers_upstream') }}
 {% endif %}
@@ -111,7 +111,7 @@ server {
 {% endif %}
 {% if media_repository_workers | length > 0 %}
- # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
 {% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
 location ~ {{ location }} {
 proxy_pass http://media_repository_workers_upstream$request_uri;
@@ -182,11 +182,11 @@ server {
 {% if matrix_nginx_proxy_synapse_workers_enabled %}
 {% if generic_workers | length > 0 %}
- # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappgeneric_worker
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
 {{ render_locations_to_upstream(matrix_nginx_proxy_synapse_generic_worker_federation_locations, 'generic_workers_upstream') }}
 {% endif %}
 {% if media_repository_workers | length > 0 %}
- # https://github.com/matrix-org/synapse/blob/master/docs/workers.md#synapseappmedia_repository
+ # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
 {% for location in matrix_nginx_proxy_synapse_media_repository_locations %}
 location ~ {{ location }} {
 proxy_pass http://media_repository_workers_upstream$request_uri;
From 800267b1824d98ac3e7bf6043b821ef0cb6dd72d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 12:33:23 +0300 Subject: [PATCH 41/55] Fix incorrect if checks breaking start_pushers/send_federaiton/enable_media_repo Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2103 --- roles/matrix-synapse/defaults/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index dab098fb..4e0af66b 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -507,9 +507,9 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200
 matrix_synapse_federation_pusher_instances: []
 # matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`).
-# This is enabled if workers are disabled, or if there are no pusher workers.
+# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers.
 # Adjusting this value manually is generally not necessary.
-matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length > 0) }}"
+matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}"
 # matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn.
 # See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender
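Review bot: The fix is correct, but nothing prevents the same inversion from recurring, because `matrix_synapse_start_pushers` is derived from `matrix_synapse_workers_enabled_list` while the template (homeserver.yaml.j2, PATCH 38) branches on `matrix_synapse_federation_pusher_instances`, which defaults to `[]` here and is filled in elsewhere. A validation task asserting that the two agree would have caught this before it reached a rendered config, and the same check applies to `matrix_synapse_send_federation` against `matrix_synapse_federation_sender_instances`. Where the list is populated is outside this hunk, so the task belongs after that point in the role's flow.

```yaml
- name: Fail if start_pushers disagrees with the configured pusher instances
  ansible.builtin.fail:
    msg: "matrix_synapse_start_pushers must be false exactly when pusher workers are configured (matrix_synapse_federation_pusher_instances)"
  when: "(matrix_synapse_start_pushers | bool) == (matrix_synapse_federation_pusher_instances | length > 0)"
```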
@@ -522,18 +522,18 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400
 matrix_synapse_federation_sender_instances: []
 # matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`).
-# This is allowed if workers are disabled, or if there are no federation sender workers.
+# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers.
 # Adjusting this value manually is generally not necessary.
-matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length > 0) }}"
+matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}"
 matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}"
 matrix_synapse_workers_media_repository_workers_port_range_start: 18551
 matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
 # matrix_synapse_enable_media_repo controls if the main Synapse process should serve media repository endpoints or if it should be left to media_repository workers (see `matrix_synapse_workers_media_repository_workers_count`).
-# This is enabled if workers are disabled, or if there are no media repository workers.
+# This is enabled if workers are disabled, or if they are enabled, but there are no media repository workers.
 # Adjusting this value manually is generally not necessary.
-matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length > 0) }}"
+matrix_synapse_enable_media_repo: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'media_repository') | list | length == 0) }}"
 # matrix_synapse_media_instance_running_background_jobs populates the `media_instance_running_background_jobs` Synapse configuration used when Synapse workers are in use (`matrix_synapse_workers_enabled`).
 # `media_instance_running_background_jobs` is meant to point to a single media-repository worker, which is dedicated to running background tasks that maintain the media repository.
From b07fd768300ff39054d8204024d3ad01dce36e9c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Sep 2022 12:46:41 +0300 Subject: [PATCH 42/55] Fix prometheus.yml.j2 indentation and worker ids for stream writers Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2105 --- roles/matrix-prometheus/templates/prometheus.yml.j2 | 10 +++++----- roles/matrix-synapse/tasks/synapse/workers/init.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/matrix-prometheus/templates/prometheus.yml.j2 b/roles/matrix-prometheus/templates/prometheus.yml.j2
index 628f4f4f..83ae8a9a 100644
--- a/roles/matrix-prometheus/templates/prometheus.yml.j2
+++ b/roles/matrix-prometheus/templates/prometheus.yml.j2
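Review bot: `matrix_synapse_enable_media_repo`, `matrix_synapse_send_federation` and `matrix_synapse_start_pushers` now repeat the same `not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', X) | list | length == 0)` expression with only the type changed, which is how all three `> 0`/`== 0` slips crept in together. A single derived variable such as `matrix_synapse_workers_enabled_types: "{{ matrix_synapse_workers_enabled_list | map(attribute='type') | list if matrix_synapse_workers_enabled else [] }}"` lets each flag become `"{{ 'media_repository' not in matrix_synapse_workers_enabled_types }}"`, which reads like the comment above it and cannot be inverted by a typo in a comparison. This hunk starts on the previous line, so only two of the three flags are visible here.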
@@ -32,17 +32,17 @@ scrape_configs:
 static_configs:
 - targets: {{ matrix_prometheus_scraper_synapse_targets|to_json }}
 labels:
- instance: {{ matrix_domain }}
+ instance: {{ matrix_domain | to_json }}
 job: master
 index: 0
 {% for worker in matrix_prometheus_scraper_synapse_workers_enabled_list %}
 {% if worker.metrics_port != 0 %}
 - targets: ['{{ worker.name }}:{{ worker.metrics_port }}']
 labels:
- instance: {{ matrix_domain }}
- worker_id: {{ worker.id }}
- job: {{ worker.type }}
- app: {{ worker.app }}
+ instance: {{ matrix_domain | to_json }}
+ worker_id: {{ worker.id | to_json }}
+ job: {{ worker.type | to_json }}
+ app: {{ worker.app | to_json }}
 {% endif %}
 {% endfor %}
 {% endif %}
diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml
index 0c2b8a79..43e44b63 100644
--- a/roles/matrix-synapse/tasks/synapse/workers/init.yml
+++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml
@@ -20,7 +20,7 @@
 - name: Build stream writer workers
 ansible.builtin.set_fact:
 worker:
- id: "stream-writer-{{ item }}-{{ item.stream }}"
+ id: "stream-writer-{{ idx }}-{{ item.stream }}"
 # Names must not include understores. Certain stream writer streams (to_device, account_data, ..) do, so we fix them up.
 name: "matrix-synapse-worker-stream-writer-{{ idx }}-{{ item.stream | replace('_', '-') }}"
 type: 'stream_writer'
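Review bot: The worker scrape target on the context line `- targets: ['{{ worker.name }}:{{ worker.metrics_port }}']` is still built by hand-quoting inside a YAML flow list, while the labels in the same hunk were switched to `to_json`; a `worker.name` containing `'` would break the file (unlikely for playbook-generated names, but the inconsistency is exactly what this commit set out to remove). `- targets: {{ [worker.name ~ ':' ~ worker.metrics_port] | to_json }}` quotes it the same way as the master's `static_configs` target above it. The master entry also carries `index: 0` with no counterpart on the worker entries, so any dashboard keyed on `index` only ever sees the master; if that is intended, a comment such as `# index is only set on the master; workers are distinguished by worker_id` would save the next reader the question.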
@@ -1772,7 +1772,7 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
 {{
 ['matrix-' + matrix_homeserver_implementation + '.service']
 +
- (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled)
+ (matrix_synapse_webserving_workers_systemd_services_list if matrix_homeserver_implementation == 'synapse' and matrix_synapse_workers_enabled else [])
 +
 (['matrix-corporal.service'] if matrix_corporal_enabled else [])
 +
From b8b7974b78965eb3d7a0fcd9142c0e47b0857c7a Mon Sep 17 00:00:00 2001 From: Jost Alemann <58050402+jalemann@users.noreply.github.com> Date: Fri, 16 Sep 2022 13:13:11 +0200 Subject: [PATCH 44/55] fix: typo --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 95356d8c..deb1bc0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,8 +56,8 @@ We previously had an `appservice` worker type, which [Synapse deprecated in v1.5 The new way to implement such workers is by using a `generic_worker` and dedicating it to the task of talking to Application Services. From now on, we have support for this.
-With `matrix_synapse_workers_preset: one-of-each`, you'll get one `appserice` worker automatically.
-You can also control the `appserice` workers count with `matrix_synapse_workers_appserice_workers_count`. Only `0` or `1` workers of this type are supported by Synapse.
+With `matrix_synapse_workers_preset: one-of-each`, you'll get one `appservice` worker automatically.
+You can also control the `appservice` workers count with `matrix_synapse_workers_appservice_workers_count`. Only `0` or `1` workers of this type are supported by Synapse.
 ### User Directory worker support is back
From e87bee15dd376eac897916d9c609c59e93d32d65 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev Date: Fri, 16 Sep 2022 19:57:52 +0300 Subject: [PATCH 45/55] Add note about the Kakaotalk bridge being dangerous to use --- docs/configuring-playbook-bridge-appservice-kakaotalk.md | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
index 127f18f4..3c49d726 100644
--- a/docs/configuring-playbook-bridge-appservice-kakaotalk.md
+++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md
@@ -2,6 +2,8 @@ The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code.
+**NOTE**: there have been recent reports (~2022-09-16) that **using this bridge may get your account banned**.
+
 See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you.
From e25678c57a3910f72b979882418e3a46a527d501 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Sep 2022 09:23:09 +0300 Subject: [PATCH 46/55] Upgrade Hookshot (2.1.2 -> 2.2.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml
index d60cf15b..57d31af5 100644
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/matrix-bridge-hookshot/defaults/main.yml
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
 matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
 matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
-matrix_hookshot_version: 2.1.2
+matrix_hookshot_version: 2.2.0
 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
 matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
From b45cd7495c66c680b113e367824297783c8959f4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Sep 2022 09:39:42 +0300 Subject: [PATCH 47/55] Upgrade mautrix-whatsapp (0.6.1 -> 0.7.0) and change some defaults `ephemeral_events`` and `sync_with_custom_puppets` have been flipped to keep up with the default upstream config: https://github.com/mautrix/whatsapp/commit/b33bd9c4a7e070f03008d2b47ed764b05c2fc20d --- .../matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- .../templates/config.yaml.j2 | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index 821f3f28..81494584 100644
--- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.6.1 +matrix_mautrix_whatsapp_version: v0.7.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 8073da65..87d4627d 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -5,6 +5,9 @@ homeserver: address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes. # The bridge will use the appservice as_token to authorize requests. 
@@ -52,7 +55,7 @@ appservice:
 # Whether or not to receive ephemeral events via appservice transactions.
 # Requires MSC2409 support (i.e. Synapse 1.22+).
 # You should disable bridge -> sync_with_custom_puppets when this is enabled.
- ephemeral_events: false
+ ephemeral_events: true
 # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
 as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
@@ -188,7 +191,7 @@ bridge:
 # Should Matrix users leaving groups be bridged to WhatsApp?
 bridge_matrix_leave: true
 # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
- sync_with_custom_puppets: true
+ sync_with_custom_puppets: false
 # Should the bridge update the m.direct account data event when double puppeting is enabled.
 # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
 # and is therefore prone to race conditions.
@@ -268,6 +271,9 @@ bridge:
 # Should the bridge never send alerts to the bridge management room?
 # These are mostly things like the user being logged out.
 disable_bridge_alerts: false
+ # Should the bridge stop if the WhatsApp server says another user connected with the same session?
+ # This is only safe on single-user bridges.
+ crash_on_stream_replaced: false
 # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
 # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
 # key in the event content even if this is disabled.
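Review bot: The new `ephemeral_events: true` default is hard-coded in the template with no role variable behind it, while the comment directly above it says the feature requires MSC2409 support on the homeserver; together with `sync_with_custom_puppets` flipping to `false` in the second hunk, a deployment on a homeserver without MSC2409 support presumably receives no ephemeral events at all now, instead of getting them through double puppeting as before. This playbook targets Synapse, Dendrite and Conduit, so the assumption is not universal. Consider rendering both flags from role defaults (for example `matrix_mautrix_whatsapp_appservice_ephemeral_events` and `matrix_mautrix_whatsapp_bridge_sync_with_custom_puppets`, emitted with `|to_json` the way `default:` is in the encryption section) so operators can restore the previous behaviour without overriding the whole template. The enclosing `appservice:` and `bridge:` mappings start outside these hunks.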
@@ -311,6 +317,8 @@ bridge: # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: {{ matrix_mautrix_whatsapp_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false # Require encryption, drop any unencrypted messages. require: false # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. From f2b66c3b04cec2a685d919a8a5bfcc0992dc4290 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Sep 2022 10:02:07 +0300 Subject: [PATCH 48/55] Use a different name for appservice-irc image (localhost/ prefix) if self-building enabled Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2108 --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index fb0f3a33..bd69df79 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -15,6 +15,7 @@ matrix_appservice_irc_version: 0.35.0
 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
 matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
 matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
+matrix_appservice_irc_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
From 49c64a8d65165d03df9c95c8fa05fc1bf67af988 Mon Sep 17 00:00:00 2001
From: borisrunakov
Date: Sat, 17 Sep 2022 10:22:05 +0300
Subject: [PATCH 49/55] change stream writer worker metrics range start

---
 roles/matrix-synapse/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index 4e0af66b..db704311 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -494,7 +494,7 @@ matrix_synapse_stream_writers: {}
 # It should be noted that not all of the background worker types will need to expose HTTP services, etc.
 matrix_synapse_workers_stream_writer_workers_http_port_range_start: 20011
 matrix_synapse_workers_stream_writer_workers_replication_port_range_start: 25011
-matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19111
+matrix_synapse_workers_stream_writer_workers_metrics_range_start: 19211
 # matrix_synapse_workers_pusher_workers_count controls the number of pusher workers (workers who push out notifications) to spawn.
 # See https://matrix-org.github.io/synapse/latest/workers.html#synapseapppusher
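Review bot: The added `matrix_appservice_irc_docker_image_name_prefix` is never consumed: `matrix_appservice_irc_docker_image` at the top of the hunk still builds its name from `matrix_container_global_registry_prefix`, and the diffstat (one insertion, no other file touched) shows nothing else picks the new variable up, so with self-building enabled the image is still referenced under the registry name rather than the `localhost/` one the commit title promises. Change the image line to `matrix_appservice_irc_docker_image: "{{ matrix_appservice_irc_docker_image_name_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"`, which is how the hookshot and cinny roles elsewhere in this series wire the same prefix. `matrix_appservice_irc_container_image_self_build` is referenced by the new line but not visible in this hunk; confirm it is defined in the role defaults, otherwise the expression fails on an undefined variable.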
From 3a3a0b5c9a6039706c488ac439c9a27777cb035e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 17 Sep 2022 13:41:29 +0000 Subject: [PATCH 50/55] Update Cinny 2.1.3 -> 2.2.0 --- roles/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index c2bc476a..c041794c 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.1.3 +matrix_client_cinny_version: v2.2.0 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From 435c4f8b01896b84fdc3d68d51352b37e02a7ecf Mon Sep 17 00:00:00 2001 From: Shaleen Jain Date: Sat, 17 Sep 2022 14:33:29 +0000 Subject: [PATCH 51/55] dendrite: update config to match upstream defaults --- roles/matrix-dendrite/defaults/main.yml | 2 +- .../templates/dendrite/dendrite.yaml.j2 | 29 +++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 2a6c4fd6..df78b56d 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml 
@@ -90,7 +90,7 @@ matrix_dendrite_tmp_directory_size_mb: 500
 # Rate limits
 matrix_dendrite_rate_limiting_enabled: true
-matrix_dendrite_rate_limiting_threshold: 5
+matrix_dendrite_rate_limiting_threshold: 20
 matrix_dendrite_rate_limiting_cooloff_ms: 500
 # Controls whether people with access to the homeserver can register by themselves.
diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
index 88aacab2..d44da219 100644
--- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
+++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
@@ -58,6 +58,10 @@ global:
 # e.g. localhost:443
 well_known_server_name: ""
+ # The server name to delegate client-server communications to, with optional port
+ # e.g. localhost:443
+ well_known_client_name: ""
+
 # Lists of domains that the server will trust as identity servers to verify third
 # party identifiers such as phone numbers and email addresses.
 trusted_third_party_id_servers: {{ matrix_dendrite_trusted_id_servers|to_json }}
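Review bot: `matrix_dendrite_rate_limiting_threshold` is raised from 5 to 20 with nothing but `# Rate limits` documenting it, and this value is what `client_api.rate_limiting.threshold` in dendrite.yaml.j2 is rendered from, so presumably a client can now make four times as many requests per `cooloff_ms` window before Dendrite throttles it. That loosens whatever brute-force protection the rate-limited client-API endpoints had; following the upstream default is a reasonable choice, but the reason should be visible to an operator reading the defaults file rather than only in the commit title. Add `# Matches the upstream Dendrite default; lower the threshold to throttle clients more aggressively.` above the value.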
@@ -73,6 +77,25 @@ global:
 # Whether outbound presence events are allowed, e.g. sending presence events to other servers
 enable_outbound: false
+ # Configuration for in-memory caches. Caches can often improve performance by
+ # keeping frequently accessed items (like events, identifiers etc.) in memory
+ # rather than having to read them from the database.
+ cache:
+ # The estimated maximum size for the global cache in bytes, or in terabytes,
+ # gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
+ # 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
+ # memory limit for the entire process. A cache that is too small may ultimately
+ # provide little or no benefit.
+ max_size_estimated: 1gb
+ # The maximum amount of time that a cache entry can live for in memory before
+ # it will be evicted and/or refreshed from the database. Lower values result in
+ # easier admission of new cache entries but may also increase database load in
+ # comparison to higher values, so adjust conservatively. Higher values may make
+ # it harder for new items to make it into the cache, e.g. if new rooms suddenly
+ # become popular.
+ max_age: 1h
+
 # Server notices allows server admins to send messages to all users.
 server_notices:
 enabled: false
@@ -186,6 +209,8 @@ client_api:
 enabled: {{ matrix_dendrite_rate_limiting_enabled|to_json }}
 threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }}
 cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }}
+ exempt_user_ids:
+ # - "@user:domain.com"
 # Configuration for the Federation API.
 federation_api:
@@ -324,6 +349,10 @@ sync_api:
 # a reverse proxy server.
 # real_ip_header: X-Real-IP
 real_ip_header: {{ matrix_dendrite_sync_api_real_ip_header|to_json }}
+ fulltext:
+ enabled: false
+ index_path: "./fulltextindex"
+ language: "en" # more possible languages can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
 # Configuration for the User API.
 user_api:
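Review bot: `exempt_user_ids:` in the client_api hunk has only a commented example beneath it, so YAML parses the key as `null` rather than as an empty list; if Dendrite expects a sequence there, write `exempt_user_ids: []` to make that explicit. Exempting users from rate limiting is a security-relevant setting, and it is hard-coded in the template while the neighbouring `threshold` and `cooloff_ms` values come from role variables; consider rendering it from a default such as `matrix_dendrite_rate_limiting_exempt_user_ids: []` with `|to_json`, and likewise `max_size_estimated`, `max_age` and the `fulltext` block, so operators need not override the whole template to change them. `index_path: "./fulltextindex"` is a relative path, so if `fulltext` is ever enabled the index lands wherever the Dendrite process's working directory is inside the container — presumably not under the mounted data directory — and would be lost on container recreation; verify where Dendrite resolves it before exposing the option. The enclosing `global:`, `client_api:` and `sync_api:` mappings start outside these hunks.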
From 47fa90bdc31876a7df24a57a14a86375da3ec2eb Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 17 Sep 2022 20:38:07 +0000 Subject: [PATCH 52/55] Update mautrix-signal 0.3.0 -> 0.4.0 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index d6d3faa2..d8e4016c 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -9,7 +9,7 @@ matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.3.0 +matrix_mautrix_signal_version: v0.4.0 matrix_mautrix_signal_daemon_version: 0.21.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" From f042542086a6e4c40b833dac86b6926ebfe69697 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 17 Sep 2022 23:51:05 +0300 Subject: [PATCH 53/55] Update Honoroit 0.9.13 -> 0.9.14 --- roles/matrix-bot-honoroit/defaults/main.yml | 13 ++++++++++++- roles/matrix-bot-honoroit/templates/env.j2 | 3 ++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 7a3e0d19..1c48dc19 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
 matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
-matrix_bot_honoroit_version: v0.9.13
+matrix_bot_honoroit_version: v0.9.14
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@@ -88,6 +88,17 @@ matrix_bot_honoroit_loglevel: ''
 # Disable encryption
 matrix_bot_honoroit_noencryption: false
+# A list of whitelisted users allowed to use/invite honoroit
+# If not defined, everyone is allowed.
+# Example set of rules:
+# matrix_bot_honoroit_users:
+# - @someone:example.com
+# - @another:example.com
+# - @bot.*:example.com
+# - @*:another.com
+matrix_bot_honoroit_allowedusers:
+ - "@*:*"
+
 # Max items in cache
 matrix_bot_honoroit_cachesize: ''
diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2
index c8d10c6a..0cfd88c1 100644
--- a/roles/matrix-bot-honoroit/templates/env.j2
+++ b/roles/matrix-bot-honoroit/templates/env.j2
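Review bot: The commented example rules list the Matrix IDs unquoted (`- @someone:example.com`), but `@` is a reserved indicator in YAML, so anyone who uncomments the example as-is gets a parse error, whereas the live default two lines below correctly quotes `"@*:*"`; quote the examples to match, e.g. `#   - "@someone:example.com"`. The comment also says `If not defined, everyone is allowed.`, yet the playbook always defines the list with a catch-all wildcard, so the effective default should be stated instead: `# The default "@*:*" allows everyone; restrict it to the users/servers that may use or invite the bot.`. Since this list is the bot's only access control, a wildcard default deserves that explicit call-out in the defaults file.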
@@ -10,7 +10,8 @@ HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }} -HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }} +HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms | join(' ') }} +HONOROIT_ALLOWEDUSERS={{ matrix_bot_honoroit_allowedusers | join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} From 0259a7a50b46f31fac9f3f1fa2473a1753655200 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 18 Sep 2022 12:03:54 +0300 Subject: [PATCH 54/55] Fix typo Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2114 --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 1c48dc19..94d4a5e6 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -91,7 +91,7 @@ matrix_bot_honoroit_noencryption: false # A list of whitelisted users allowed to use/invite honoroit # If not defined, everyone is allowed. # Example set of rules: -# matrix_bot_honoroit_users: +# matrix_bot_honoroit_allowedusers: # - @someone:example.com # - @another:example.com # - @bot.*:example.com From 89648cf58e8de298301b973274947eaa7335afeb Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 18 Sep 2022 12:21:09 +0300 Subject: [PATCH 55/55] Fix some ansible-lint-reported warnings --- roles/matrix-base/defaults/main.yml | 2 +- roles/matrix-base/tasks/server_base/setup_raspbian.yml | 2 +- roles/matrix-bot-maubot/tasks/init.yml | 2 +- roles/matrix-bot-maubot/tasks/setup_uninstall.yml | 6 +++--- .../matrix-bridge-appservice-irc/tasks/validate_config.yml | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ---- roles/matrix-common-after/tasks/dump_runtime_results.yml | 2 +- roles/matrix-common-after/tasks/start.yml | 4 ++-- roles/matrix-dynamic-dns/tasks/validate_config.yml | 2 +- roles/matrix-email2matrix/tasks/validate_config.yml | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- roles/matrix-postgres/tasks/migrate_db_to_postgres.yml | 2 +- roles/matrix-postgres/tasks/validate_config.yml | 2 +- roles/matrix-sygnal/tasks/validate_config.yml | 2 +- .../tasks/ext/synapse-simple-antispam/setup_install.yml | 2 +- roles/matrix-synapse/tasks/init.yml | 6 +++--- roles/matrix-synapse/tasks/register_user.yml | 2 +- .../tasks/rust-synapse-compress-state/main.yml | 2 +- roles/matrix-synapse/tasks/synapse/workers/init.yml | 2 +- .../tasks/synapse/workers/util/inject_worker.yml | 2 +- roles/matrix-synapse/tasks/update_user_password.yml | 4 ++-- roles/matrix-synapse/tasks/validate_config.yml | 2 +- 22 files changed, 27 insertions(+), 31 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6d69f3e5..2f8645e5 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml 
@@ -134,7 +134,7 @@ matrix_host_command_openssl: "/usr/bin/env openssl" matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_sh: "/usr/bin/env sh" -matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" +matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) else ('systemd' if ansible_os_family == 'Suse' else 'ntp') }}" matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index 54ea4d18..18c6eb65 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -36,6 +36,6 @@ ansible.builtin.apt: name: - "{{ matrix_docker_package_name }}" - - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" + - "python{{ '3' if ansible_python.version.major == 3 else '' }}-docker" state: present when: matrix_docker_installation_enabled | bool diff --git a/roles/matrix-bot-maubot/tasks/init.yml b/roles/matrix-bot-maubot/tasks/init.yml index 251d0b4a..461af060 100644 --- a/roles/matrix-bot-maubot/tasks/init.yml +++ b/roles/matrix-bot-maubot/tasks/init.yml 
@@ -35,7 +35,7 @@ + [matrix_bot_maubot_matrix_nginx_proxy_configuration] }} - when: matrix_bot_maubot_proxy_management_interface|bool + when: matrix_bot_maubot_proxy_management_interface | bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used ansible.builtin.debug: diff --git a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml index 0be7089c..dd0fc1f6 100644 --- a/roles/matrix-bot-maubot/tasks/setup_uninstall.yml +++ b/roles/matrix-bot-maubot/tasks/setup_uninstall.yml @@ -12,18 +12,18 @@ enabled: false daemon_reload: true register: stopping_result - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure matrix-bot-maubot.service doesn't exist ansible.builtin.file: path: "{{ matrix_systemd_path }}/matrix-bot-maubot.service" state: absent - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure systemd reloaded after matrix-bot-maubot.service removal ansible.builtin.service: daemon_reload: true - when: "matrix_bot_maubot_service_stat.stat.exists|bool" + when: "matrix_bot_maubot_service_stat.stat.exists | bool" - name: Ensure Matrix maubot paths don't exist ansible.builtin.file: diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml index f101e6fe..f0d887c8 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml 
@@ -23,7 +23,7 @@ You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`. Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility. - when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" + when: "matrix_appservice_irc_configuration.ircService.servers | length == 0" - name: (Deprecation) Catch and report renamed appservice-irc variables ansible.builtin.fail: diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 81494584..cb4900ee 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -86,10 +86,6 @@ matrix_mautrix_whatsapp_login_shared_secret: '' matrix_mautrix_whatsapp_bridge_login_shared_secret_map: "{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}" -# Servers to always allow double puppeting from -matrix_mautrix_whatsapp_bridge_double_puppet_server_map: - "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" - # Enable End-to-bridge encryption matrix_mautrix_whatsapp_bridge_encryption_allow: false matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-common-after/tasks/dump_runtime_results.yml b/roles/matrix-common-after/tasks/dump_runtime_results.yml index 4074a625..7dba367d 100644 --- a/roles/matrix-common-after/tasks/dump_runtime_results.yml +++ b/roles/matrix-common-after/tasks/dump_runtime_results.yml 
@@ -4,4 +4,4 @@ - ansible.builtin.debug: msg: "" with_items: "{{ matrix_playbook_runtime_results }}" - when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results|length > 0" + when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results | length > 0" diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index 890eabfa..605b3f61 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -49,8 +49,8 @@ See `roles/matrix-common-after/defaults/main.yml` for more details about that. with_items: "{{ matrix_systemd_services_list }}" when: - - "item.endswith('.service') and (ansible_facts.services[item]|default(none) is none or ansible_facts.services[item].state != 'running')" - when: " ansible_distribution != 'Archlinux'" + - "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')" + when: "ansible_distribution != 'Archlinux'" - block: # Currently there is a bug in ansible that renders is incompatible with systemd. diff --git a/roles/matrix-dynamic-dns/tasks/validate_config.yml b/roles/matrix-dynamic-dns/tasks/validate_config.yml index 610dc2f8..60adade8 100644 --- a/roles/matrix-dynamic-dns/tasks/validate_config.yml +++ b/roles/matrix-dynamic-dns/tasks/validate_config.yml @@ -4,7 +4,7 @@ ansible.builtin.fail: msg: >- You need to define at least one configuration in `matrix_dynamic_dns_domain_configurations` for using matrix-dynamic-dns. - when: "matrix_dynamic_dns_domain_configurations|length == 0" + when: "matrix_dynamic_dns_domain_configurations | length == 0" - name: Fail if required settings not defined in configuration blocks ansible.builtin.fail: diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/matrix-email2matrix/tasks/validate_config.yml index 59a3581e..8d89f1d6 100644 
--- a/roles/matrix-email2matrix/tasks/validate_config.yml +++ b/roles/matrix-email2matrix/tasks/validate_config.yml @@ -4,4 +4,4 @@ ansible.builtin.fail: msg: > You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. - when: "matrix_email2matrix_matrix_mappings|length == 0" + when: "matrix_email2matrix_matrix_mappings | length == 0" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 88c99ea9..7cdc0c92 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -633,7 +633,7 @@ matrix_nginx_proxy_synapse_user_dir_locations: [] # synapse content caching matrix_nginx_proxy_synapse_cache_enabled: false -matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path + '/synapse-cache' }}" matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" matrix_nginx_proxy_synapse_cache_inactive_time: "48h" diff --git a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml b/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml index be967d68..f79a12f8 100644 --- a/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml +++ b/roles/matrix-postgres/tasks/migrate_db_to_postgres.yml 
@@ -157,7 +157,7 @@ register: matrix_postgres_migrate_db_to_postgres_additional_queries_result changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0 - when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([])|length > 0" + when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0" - name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup) ansible.builtin.command: diff --git a/roles/matrix-postgres/tasks/validate_config.yml b/roles/matrix-postgres/tasks/validate_config.yml index f239b116..a6225632 100644 --- a/roles/matrix-postgres/tasks/validate_config.yml +++ b/roles/matrix-postgres/tasks/validate_config.yml @@ -36,4 +36,4 @@ - name: Fail if Postgres password length exceeded ansible.builtin.fail: msg: "The maximum `matrix_postgres_connection_password` length is 99 characters" - when: "matrix_postgres_connection_password|length > 99" + when: "matrix_postgres_connection_password | length > 99" diff --git a/roles/matrix-sygnal/tasks/validate_config.yml b/roles/matrix-sygnal/tasks/validate_config.yml index b2c38010..277bd1b2 100644 --- a/roles/matrix-sygnal/tasks/validate_config.yml +++ b/roles/matrix-sygnal/tasks/validate_config.yml @@ -4,4 +4,4 @@ ansible.builtin.fail: msg: >- Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` - when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" + when: "matrix_sygnal_enabled and matrix_sygnal_apps | length == 0" diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 23a382f2..34a7a7e0 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml 
+++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -3,7 +3,7 @@ - name: Fail if Synapse Simple Antispam blocked homeservers is not set ansible.builtin.fail: msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers" - when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers|length == 0" + when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers | length == 0" - name: Ensure git installed (RedHat) ansible.builtin.yum: diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 8610a33b..acfbf031 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -9,7 +9,7 @@ # Unless `matrix_synapse_workers_enabled_list` is explicitly defined, # we'll generate it dynamically. - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml" - when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list|length == 0" + when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0" - ansible.builtin.set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}" @@ -73,7 +73,7 @@ } {% endif %} {% endfor %} - when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_workers_enabled_list | length > 0 - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) ansible.builtin.set_fact: @@ -83,5 +83,5 @@ + [matrix_synapse_worker_nginx_metrics_configuration_block] }} - when: matrix_synapse_workers_enabled_list|length > 0 + when: matrix_synapse_workers_enabled_list | length > 0 when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool 
diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index 8c344b2d..81748449 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -28,6 +28,6 @@ when: "start_result.changed" - name: Register user - ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" + ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}" register: matrix_synapse_register_user_result changed_when: matrix_synapse_register_user_result.rc == 0 diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index fcea8606..29860e5a 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -92,7 +92,7 @@ ansible.builtin.fail: msg: >- Expecting 4 lines in the "find rooms" result. - when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4" + when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4" - block: # matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list diff --git a/roles/matrix-synapse/tasks/synapse/workers/init.yml b/roles/matrix-synapse/tasks/synapse/workers/init.yml index 43e44b63..0fc4e79c 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/init.yml 
@@ -37,7 +37,7 @@
 
 - name: Populate matrix_synapse_stream_writers from enabled stream writer workers list
   ansible.builtin.set_fact:
-    matrix_synapse_stream_writers: "{{ matrix_synapse_stream_writers | combine ({item.ansible_facts.worker.stream_writer_stream: [item.ansible_facts.worker.name]}) }}"
+    matrix_synapse_stream_writers: "{{ matrix_synapse_stream_writers | combine({item.ansible_facts.worker.stream_writer_stream: [item.ansible_facts.worker.name]}) }}"
   with_items: "{{ matrix_synapse_workers_list_results_stream_writer_workers.results }}"
 
 - name: Build federation sender workers
diff --git a/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
index 0a52db32..eee73151 100644
--- a/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
+++ b/roles/matrix-synapse/tasks/synapse/workers/util/inject_worker.yml
@@ -42,7 +42,7 @@
   ansible.builtin.fail:
     msg: >-
       Synapse stream_writer workers (such as {{ item }}) need to define a valid `stream_writer_stream` property
-      (not `{{ matrix_synapse_worker_details.stream_writer_stream|default('undefined') }}`).
+      (not `{{ matrix_synapse_worker_details.stream_writer_stream | default('undefined') }}`).
       Supported types are: {{ matrix_synapse_workers_known_stream_writer_stream_types | join(', ') }}
   when: "'stream_writer_stream' not in matrix_synapse_worker_details or matrix_synapse_worker_details.stream_writer_stream not in matrix_synapse_workers_known_stream_writer_stream_types"
 
diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml
index 586bf51b..f7b40456 100644
--- a/roles/matrix-synapse/tasks/update_user_password.yml
+++ b/roles/matrix-synapse/tasks/update_user_password.yml
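Review bot: The corrected `combine({...})` call in the `@@ -37,7` hunk of workers/init.yml does a shallow merge, so when two items in `matrix_synapse_workers_list_results_stream_writer_workers.results` carry the same `stream_writer_stream`, the second iteration replaces the first worker's one-element list rather than extending it, and only the last worker name survives in `matrix_synapse_stream_writers`. If this playbook only ever allows a single writer per stream that is harmless, but it is not enforced on the visible lines; otherwise use `combine({...}, list_merge='append')` so that lists under the same key are concatenated. A short comment stating which of the two is intended, e.g. `# one writer per stream; later entries for the same stream would overwrite earlier ones`, would save the next reader the same question.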
@@ -36,11 +36,11 @@
   when: "start_result.changed or postgres_start_result.changed"
 
 - name: Generate password hash
-  ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
+  ansible.builtin.shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}"
   register: password_hash
   changed_when: false
 
 - name: Update user password hash
-  ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}"
+  ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}"
   register: matrix_synapse_update_user_password_result
   changed_when: matrix_synapse_update_user_password_result.rc == 0
diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml
index 79e58154..0758c88f 100644
--- a/roles/matrix-synapse/tasks/validate_config.yml
+++ b/roles/matrix-synapse/tasks/validate_config.yml
@@ -16,7 +16,7 @@
   ansible.builtin.fail:
     msg: >-
       `{{ item }}` cannot be more than 1. This is a single-instance worker.
-  when: "vars[item]|int > 1"
+  when: "vars[item] | int > 1"
   with_items:
     - "matrix_synapse_workers_appservice_workers_count"
     - "matrix_synapse_workers_user_dir_workers_count"
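Review bot: The "Generate password hash" task in update_user_password.yml is rewritten as `ansible.builtin.shell:` although the command uses no pipes, redirections or globbing, so it would work unchanged as `ansible.builtin.command:` and avoid one shell interpretation layer around the quoted password; the sibling task in the same hunk already uses `command`. Changing the module name is a one-token edit: `ansible.builtin.command: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}"`. ansible-lint's command-instead-of-shell rule flags this pattern, which fits the linting intent of the commit.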
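Review bot: The condition `vars[item] | int > 1` in the validate_config.yml hunk coerces any unparseable value to 0, so a mistyped count such as `"one"` or an accidentally empty variable passes this check silently instead of failing, and a negative value is not rejected either. If the intent is to allow exactly 0 or 1, `when: "vars[item] | int(-1) > 1 or vars[item] | int(-1) < 0"` catches both the typo and the negative case while keeping the message as is. The task's `- name:` line sits above the hunk, so the label the operator sees on failure is not visible here.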
