From 0fe6352cf739c2cb6b7d301f26134e7282c015fa Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Thu, 11 Feb 2021 17:18:25 +0100 Subject: [PATCH 01/44] - Added role to setup https://github.com/prodrigestivill/docker-postgres-backup-local container to backup all postgres databases --- .../matrix-postgres-backup/defaults/main.yml | 140 ++++++++++++++ .../tasks/build_database_list.yml | 176 ++++++++++++++++++ roles/matrix-postgres-backup/tasks/init.yml | 3 + roles/matrix-postgres-backup/tasks/main.yml | 17 ++ .../tasks/setup_postgres_backup.yml | 108 +++++++++++ .../util/detect_existing_postgres_version.yml | 56 ++++++ .../tasks/validate_config.yml | 27 +++ .../templates/env-postgres-backup.j2 | 12 ++ .../systemd/matrix-postgres-backup.service.j2 | 31 +++ setup.yml | 2 + 10 files changed, 572 insertions(+) create mode 100644 roles/matrix-postgres-backup/defaults/main.yml create mode 100644 roles/matrix-postgres-backup/tasks/build_database_list.yml create mode 100644 roles/matrix-postgres-backup/tasks/init.yml create mode 100644 roles/matrix-postgres-backup/tasks/main.yml create mode 100644 roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml create mode 100644 roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml create mode 100644 roles/matrix-postgres-backup/tasks/validate_config.yml create mode 100644 roles/matrix-postgres-backup/templates/env-postgres-backup.j2 create mode 100644 roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml new file mode 100644 index 00000000..d01534d0 --- /dev/null +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -0,0 +1,140 @@ +matrix_postgres_backaup_enabled: false + +matrix_postgres_connection_hostname: "matrix-postgres" +matrix_postgres_connection_port: 5432 +matrix_postgres_connection_username: "matrix" +matrix_postgres_connection_password: "" + +matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" +matrix_postgres_backup_schedule: "@daily" +matrix_postgres_backup_keep_days: "7" +matrix_postgres_backup_keep_weeks: "4" +matrix_postgres_backup_keep_months: "12" +matrix_postgres_backup_healthcheck_port: "8080" +matrix_postgres_backup_db_list: "" +matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" + +matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" +matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" + +# uses sqlite per default +matrix_postgres_backup_matrix_reminder_bot_enabled: false +matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' + +# uses sqlite per default +matrix_postgres_backup_matrix_appservice_discord_enabled: false +matrix_appservice_discord_database_name: 'matrix_appservice_discord' + +# uses nedb per default +matrix_postgres_backup_matrix_appservice_irc_enabled: false +matrix_appservice_irc_database_name: 'matrix_appservice_irc' + +# uses nedb per default +matrix_postgres_backup_matrix_appservice_slack_enabled: false +matrix_appservice_slack_database_name: 'matrix_appservice_slack' + +# uses postgres per default +matrix_postgres_backup_matrix_mautrix_facebook_enabled: false +matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_hangouts_enabled: false +matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' + +# uses postgres per default +matrix_postgres_backup_matrix_mautrix_signal_enabled: false +matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_telegram_enabled: false +matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_whatsapp_enabled: false +matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_discord_enabled: false +matrix_mx_puppet_discord_database_name: 'matrix_mx_puppet_discord' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_instagram_enabled: false +matrix_postgres_backup_matrix_mx_puppet_instagram_name: 'matrix_mx_puppet_instagram' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_skype_enabled: false +matrix_mx_puppet_skype_database_name: 'matrix_mx_puppet_skype' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_slack_enabled: false +matrix_mx_puppet_slack_database_name: 'matrix_mx_puppet_slack' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_steam_enabled: false +matrix_mx_puppet_steam_database_name: 'matrix_mx_puppet_steam' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_twitter_enabled: false +matrix_mx_puppet_twitter_database_name: 'matrix_mx_puppet_twitter' + +# uses sqlite per default +matrix_postgres_backup_matrix_dimension_enabled: false +matrix_dimension_database_name: 'matrix_dimension' + +# uses sqlite per default +matrix_postgres_backup_matrix_etherpad_enabled: false +matrix_etherpad_database_name: 'matrix_etherpad' + +# uses sqlite per default +matrix_postgres_backup_matrix_ma1sd_enabled: false +matrix_ma1sd_database_name: 'matrix_ma1sd' + +# uses sqlite per default +matrix_postgres_backup_matrix_registration_enabled: false +matrix_registration_database_engine: 'matrix_registration' + +# uses postgres per default +matrix_postgres_backup_matrix_synapse_enabled: true +matrix_postgres_db_name: 'matrix' + +matrix_postgres_backup_db_dict: + - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } + - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } + + +matrix_postgres_backup_architecture: amd64 + +# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. +# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). +# On ARM32, `-alpine` images fail with the following error: +# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault +matrix_postgres_backup_docker_image_suffix: "{{ '-alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else '' }}" + +matrix_postgres_backup_docker_image_v9: "docker.io/prodrigestivill/postgres-backup-local:9.6{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v10: "docker.io/prodrigestivill/postgres-backup-local:10{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v11: "docker.io/prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v12: "docker.io/prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v13: "docker.io/prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}" + +# This variable is assigned at runtime. Overriding its value has no effect. +matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' + +matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}" \ No newline at end of file diff --git a/roles/matrix-postgres-backup/tasks/build_database_list.yml b/roles/matrix-postgres-backup/tasks/build_database_list.yml new file mode 100644 index 00000000..9937c4d0 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/build_database_list.yml @@ -0,0 +1,176 @@ + +--- + +# Detect wich databases have to backuped +# Default value is the "matrix_postgres_db_name" +# has to be extended for each service using a seperate db in postgres +# - name: Check if matrix_reminder_bot uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_bot_matrix_reminder_bot_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_bot_matrix_reminder_bot_database_engine == 'postgres' + +# - name: Check if matrix_appservice_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_discord_database_engine == 'postgres' + +# - name: Check if matrix_appservice_irc uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_irc_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_irc_database_engine == 'postgres' + +# - name: Check if matrix_appservice_slack_database uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_slack_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_facebook uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_facebook_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_facebook_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_hangouts uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_hangouts_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_hangouts_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_signal uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_signal_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_signal_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_telegram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_telegram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_telegram_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_whatsapp uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_whatsapp_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_whatsapp_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_discord_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_instagram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_instagram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_instagram_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_skype uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_skype_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_skype_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_slack uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_slack_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_steam uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_steam_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_steam_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_twitter uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_twitter_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_twitter_database_engine == 'postgres' + +# - name: Check if matrix_dimension uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_dimension_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_dimension_database_engine == 'postgres' + +# - name: Check if matrix_etherpad uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_etherpad_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_etherpad_database_engine == 'postgres' + +# - name: Check if matrix_ma1sd uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_ma1sd_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_ma1sd_database_engine == 'postgres' + +# - name: Check if matrix_registration uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_registration_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_registration_database_engine == 'postgres' + +#- name: Build list of all databases to backup - part 1 +# set_fact: +# matrix_postgres_backup_db_list: '{% if item.enabled %}{% if matrix_postgres_backup_db_list=="" %}{{item.dbname}}{% else %}{{ matrix_postgres_backup_db_list }},{{item.dbname}}{% endif %}{% else %}{% endif %}' +# loop: +# - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } + +- name: Build list of all databases to backup - part 2 + set_fact: + matrix_postgres_backup_db_list_prepare: "{% set res = [ ] %}{% for db in matrix_postgres_backup_db_dict %}{% if db.enabled %}{% set ignored = res.append(db.dbname) %}{% endif %}{% endfor %}{{ res }}" + +- name: Build list of all databases to backup - part 1 + set_fact: + matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list_prepare | join(',') }}" + +- name: Going to backup the following list of databases + debug: + msg: "{{ matrix_postgres_backup_db_list }}" + when: matrix_postgres_backup_enabled|bool + \ No newline at end of file diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml new file mode 100644 index 00000000..c6a9bd7e --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" + when: matrix_postgres_backup_enabled|bool diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/matrix-postgres-backup/tasks/main.yml new file mode 100644 index 00000000..f819b8e9 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_postgres_enabled|bool" + tags: + - setup-all + - setup-postgres-backup + +- import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml" + when: run_setup|bool + tags: + - setup-all + - setup-postgres-backup \ No newline at end of file diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml new file mode 100644 index 00000000..dc6e68c4 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -0,0 +1,108 @@ +--- + +# +# Tasks related to setting up an internal postgres server +# + +- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: matrix_postgres_enabled|bool + +# If we have found an existing version (installed from before), we use its corresponding Docker image. +# If not, we install using the latest Postgres. +# +# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). +- set_fact: + matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure postgres backup Docker image is pulled + docker_image: + name: "{{ matrix_postgres_backup_docker_image_to_use }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure Postgres backup paths exist + file: + path: "{{ item }}" + state: directory + mode: 0700 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_postgres_backup_path }}" + when: matrix_postgres_backup_enabled|bool + +#Build database list to backup +- import_tasks: "{{ role_path }}/tasks/build_database_list.yml" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure Postgres environment variables file created + template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + mode: 0640 + with_items: + - "env-postgres-backup" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure matrix-postgres-backup.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + mode: 0644 + register: matrix_postgres_backup_systemd_service_result + when: matrix_postgres_backup_enabled|bool + +- name: Ensure systemd reloaded after matrix-postgres-backup.service installation + service: + daemon_reload: yes + when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" + +# +# Tasks related to getting rid of the internal postgres backup server (if it was previously enabled) +# + +- name: Check existence of matrix-postgres-backup service + stat: + path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + register: matrix_postgres_backup_service_stat + when: "not matrix_postgres_backup_enabled|bool" + +- name: Ensure matrix-postgres-backup is stopped + service: + name: matrix-postgres-backup + state: stopped + daemon_reload: yes + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Ensure matrix-postgres-backup.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + state: absent + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-postgres-backup.service removal + service: + daemon_reload: yes + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Check existence of matrix-postgres-backup backup path + stat: + path: "{{ matrix_postgres_backup_path }}" + register: matrix_postgres_backup_path_stat + when: "not matrix_postgres_backup_enabled|bool" + +# We just want to notify the user. Deleting data is too destructive. +- name: Inject warning if matrix-postgres backup data remains + set_fact: + matrix_playbook_runtime_results: | + {{ + matrix_playbook_runtime_results|default([]) + + + [ + "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." + ] + }} + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_path_stat.stat.exists" diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml new file mode 100644 index 00000000..da15a287 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -0,0 +1,56 @@ +--- + +# This utility aims to determine if there is some existing Postgres version in use or not. +# If there is, it also tries to detect the Docker image that corresponds to that version. + +- name: Initialize Postgres version determination variables (default to empty) + set_fact: + matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" + matrix_postgres_detected_existing: false + matrix_postgres_detected_version: "" + matrix_postgres_detected_version_corresponding_docker_image: "" + +- name: Determine existing Postgres version (check PG_VERSION file) + stat: + path: "{{ matrix_postgres_detection_pg_version_path }}" + register: result_pg_version_stat + +- set_fact: + matrix_postgres_detected_existing: true + when: "result_pg_version_stat.stat.exists" + +- name: Determine existing Postgres version (read PG_VERSION file) + slurp: + src: "{{ matrix_postgres_detection_pg_version_path }}" + register: result_pg_version + when: matrix_postgres_detected_existing|bool + +- name: Determine existing Postgres version (make sense of PG_VERSION file) + set_fact: + matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + when: matrix_postgres_detected_existing|bool + +- name: Determine corresponding Docker image to detected version (assume default of latest) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}" + when: "matrix_postgres_detected_version != ''" + +- name: Determine corresponding Docker image to detected version (use 9.x, if detected) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}" + when: "matrix_postgres_detected_version.startswith('9.')" + +- name: Determine corresponding Docker image to detected version (use 10.x, if detected) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}" + when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" + +- name: Determine corresponding Docker image to detected version (use 11.x, if detected) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}" + when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" + +- name: Determine corresponding Docker image to detected version (use 12.x, if detected) + set_fact: + matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" + when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml new file mode 100644 index 00000000..91d1783b --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/validate_config.yml @@ -0,0 +1,27 @@ +--- + +# This is separate (from the other required variables below), +# because we'd like to have a friendlier message for our existing users. +- name: Fail if matrix_postgres_connection_password not defined + fail: + msg: >- + The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes. + You need to perform multiple manual steps to resolve this. + See our changelog for more details: + https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention + when: "matrix_postgres_connection_password == ''" + +- name: Fail if required Postgres settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_postgres_connection_hostname" + - "matrix_postgres_connection_username" + - "matrix_postgres_connection_password" + - "matrix_postgres_backup_schedule" + - "matrix_postgres_backup_keep_days" + - "matrix_postgres_backup_keep_weeks" + - "matrix_postgres_backup_keep_months" + - "matrix_postgres_backup_path" diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 new file mode 100644 index 00000000..1d617fd3 --- /dev/null +++ b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 @@ -0,0 +1,12 @@ +#jinja2: lstrip_blocks: "True" +POSTGRES_USER={{ matrix_postgres_connection_username }} +POSTGRES_PASSWORD={{ matrix_postgres_connection_password }} +POSTGRES_HOST={{ matrix_postgres_connection_hostname }} +POSTGRES_DB={{ matrix_postgres_backup_db_list }} +POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }} +SCHEDULE={{ matrix_postgres_backup_schedule }} +BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }} +BACKUP_KEEP_WEEKS={{ matrix_postgres_backup_keep_weeks }} +BACKUP_KEEP_MONTHS={{ matrix_postgres_backup_keep_months }} +HEALTHCHECK_PORT={{ matrix_postgres_backup_healthcheck_port }} +POSTGRES_PORT={{ matrix_postgres_connection_port }} \ No newline at end of file diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 new file mode 100644 index 00000000..97c9ae7f --- /dev/null +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -0,0 +1,31 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Automatic Backup of Matrix Postgres server +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \ + --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \ + {{ matrix_postgres_backup_docker_image_to_use }} + +ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-postgres-backup + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 9bb1788f..386db939 100755 --- a/setup.yml +++ b/setup.yml @@ -38,4 +38,6 @@ - matrix-nginx-proxy - matrix-coturn - matrix-aux + - matrix-postgres-backup - matrix-common-after + From 6e72fb9a585302e3bf73f81268320bbcdb2f9e94 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Mon, 15 Feb 2021 20:41:06 +0100 Subject: [PATCH 02/44] - added a description howto use the postgres-backup role --- docs/configuring-playbook-postgres-backup.md | 42 ++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 docs/configuring-playbook-postgres-backup.md diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md new file mode 100644 index 00000000..282700c4 --- /dev/null +++ b/docs/configuring-playbook-postgres-backup.md @@ -0,0 +1,42 @@ +# Setting up postgres backup (optional) + +The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. + +## Adjusting the playbook configuration + +| Name | Default value | Description | +| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | +|matrix_postgres_backaup_enabled|false|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|matrix_postgres_backup_schedule| '@daily' |Cron-schedule specifying the interval between postgres backups.| +|matrix_postgres_backup_keep_days|"7"|Number of daily backups to keep| +|matrix_postgres_backup_keep_weeks|"4"|Number of weekly backups to keep| +|matrix_postgres_backup_keep_months|"12"|Number of monthly backups to keep| +|matrix_postgres_backup_path | "{{ matrix_base_data_path }}/postgres-backup" | Storagepath for the database backups| +|matrix_postgres_backup_matrix_reminder_bot_enabled| false | Set to true to backup matrix_reminder_bot database. Per default matrix-reminder-bot uses an sqlite database. Only use this if you are using a postgres database for matrix-reminder-bot. | +|matrix_postgres_backup_matrix_appservice_discord_enabled| false | Set to true to backup matrix_appservice_discord database. Per default matrix_appservice_discord uses an sqlite database. Only use this if you are using a postgres database for matrix_appservice_discord. | +|matrix_postgres_backup_matrix_appservice_irc_enabled| false | Set to true to backup matrix_appservice_irc database. Per default matrix_appservice_irc uses an nedb database. Only use this if you are using a postgres database for matrix_appservice_irc. | +|matrix_postgres_backup_matrix_appservice_slack_enabled| false | Set to true to backup matrix_appservice_slack database. Per default matrix_appservice_slack uses an nedb database. Only use this if you are using a postgres database for matrix_appservice_slack. | +|matrix_postgres_backup_matrix_mautrix_facebook_enabled| false | Set to true to backup matrix_mautrix_facebook database. Per default matrix_mautrix_facebook uses an postgresned database. | +|matrix_postgres_backup_matrix_mautrix_hangouts_enabled| false | Set to true to backup _matrix_mautrix_hangouts database. Per default _matrix_mautrix_hangouts uses an sqlite database. Only use this if you are using a postgres database for _matrix_mautrix_hangouts. | +|matrix_postgres_backup_matrix_mautrix_signal_enabled| false | Set to true to backup matrix_mautrix_signal database. Per default matrix_mautrix_signal uses an postgres database. | +|matrix_postgres_backup_matrix_mautrix_telegram_enabled| false | Set to true to backup matrix_mautrix_telegram database. Per default matrix_mautrix_telegram uses an sqlite database. Only use this if you are using a postgres database for matrix_mautrix_telegram. | +|matrix_postgres_backup_matrix_mautrix_whatsapp_enabled| false | Set to true to backup matrix_mautrix_whatsapp database. Per default matrix_mautrix_whatsapp uses an sqlite database. Only use this if you are using a postgres database for matrix_mautrix_whatsapp. | +|matrix_postgres_backup_matrix_mx_puppet_discord_enabled| false | Set to true to backup matrix_mx_puppet_discord database. Per default matrix_mx_puppet_discord uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_discord. | +|matrix_postgres_backup_matrix_mx_puppet_instagram_enabled| false | Set to true to backup matrix_mx_puppet_instagram database. Per default matrix_mx_puppet_instagram uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_instagram. | +|matrix_postgres_backup_matrix_mx_puppet_skype_enabled| false | Set to true to backup matrix_mx_puppet_skype database. Per default matrix_mx_puppet_skype uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_skype. | +|matrix_postgres_backup_matrix_mx_puppet_slack_enabled| false | Set to true to backup matrix_mx_puppet_slack database. Per default matrix_mx_puppet_slack uses an sqlite database. Only use this if you +|matrix_postgres_backup_matrix_mx_puppet_steam_enabled| false | Set to true to backup matrix_mx_puppet_steam database. Per default matrix_mx_puppet_steam uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_steam. | +|matrix_postgres_backup_matrix_mx_puppet_twitter_enabled| false | Set to true to backup matrix_mx_puppet_twitter database. Per default matrix_mx_puppet_twitter uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_twitter. | +|matrix_postgres_backup_matrix_dimension_enabled| false | Set to true to backup matrix_dimension database. Per default matrix_dimension uses an sqlite database. Only use this if you are using a postgres database for matrix_dimension. | +|matrix_postgres_backup_matrix_etherpad_enabled| false | Set to true to backup matrix_etherpad database. Per default matrix_etherpad uses an sqlite database. Only use this if you are using a postgres database for matrix_etherpad. | +|matrix_postgres_backup_matrix_ma1sd_enabled| false | Set to true to backup matrix_ma1sd database. Per default matrix_ma1sd uses an sqlite database. Only use this if you are using a postgres database for matrix_ma1sd. | +|matrix_postgres_backup_matrix_registration_enabled| false | Set to true to backup matrix_registration database. Per default matrix_registration uses an sqlite database. Only use this if you are using a postgres database for matrix_registration. | +|matrix_postgres_backup_matrix_synapse_enabled| true | Set to false to disabble backup of matrix_synapse database. | + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` \ No newline at end of file From 88d59f97c21eee0b6233d790f76b1be26cc7d5b3 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Sat, 6 Mar 2021 11:43:59 +0100 Subject: [PATCH 03/44] - --- .../tasks/build_database_list.yml | 350 +++++++++--------- 1 file changed, 175 insertions(+), 175 deletions(-) diff --git a/roles/matrix-postgres-backup/tasks/build_database_list.yml b/roles/matrix-postgres-backup/tasks/build_database_list.yml index 9937c4d0..e1be70a0 100644 --- a/roles/matrix-postgres-backup/tasks/build_database_list.yml +++ b/roles/matrix-postgres-backup/tasks/build_database_list.yml @@ -1,176 +1,176 @@ - ---- - -# Detect wich databases have to backuped -# Default value is the "matrix_postgres_db_name" -# has to be extended for each service using a seperate db in postgres -# - name: Check if matrix_reminder_bot uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_bot_matrix_reminder_bot_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_bot_matrix_reminder_bot_database_engine == 'postgres' - -# - name: Check if matrix_appservice_discord uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_discord_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_discord_database_engine == 'postgres' - -# - name: Check if matrix_appservice_irc uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_irc_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_irc_database_engine == 'postgres' - -# - name: Check if matrix_appservice_slack_database uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_slack_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_slack_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_facebook uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_facebook_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_facebook_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_hangouts uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_hangouts_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_hangouts_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_signal uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_signal_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_signal_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_telegram uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_telegram_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_telegram_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_whatsapp uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_whatsapp_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_whatsapp_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_discord uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_discord_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_discord_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_instagram uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_instagram_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_instagram_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_skype uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_skype_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_skype_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_slack uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_slack_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_slack_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_steam uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_steam_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_steam_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_twitter uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_twitter_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_twitter_database_engine == 'postgres' - -# - name: Check if matrix_dimension uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_dimension_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_dimension_database_engine == 'postgres' - -# - name: Check if matrix_etherpad uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_etherpad_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_etherpad_database_engine == 'postgres' - -# - name: Check if matrix_ma1sd uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_ma1sd_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_ma1sd_database_engine == 'postgres' - -# - name: Check if matrix_registration uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_registration_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_registration_database_engine == 'postgres' - -#- name: Build list of all databases to backup - part 1 -# set_fact: -# matrix_postgres_backup_db_list: '{% if item.enabled %}{% if matrix_postgres_backup_db_list=="" %}{{item.dbname}}{% else %}{{ matrix_postgres_backup_db_list }},{{item.dbname}}{% endif %}{% else %}{% endif %}' -# loop: -# - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } - -- name: Build list of all databases to backup - part 2 - set_fact: - matrix_postgres_backup_db_list_prepare: "{% set res = [ ] %}{% for db in matrix_postgres_backup_db_dict %}{% if db.enabled %}{% set ignored = res.append(db.dbname) %}{% endif %}{% endfor %}{{ res }}" - -- name: Build list of all databases to backup - part 1 - set_fact: - matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list_prepare | join(',') }}" - -- name: Going to backup the following list of databases - debug: - msg: "{{ matrix_postgres_backup_db_list }}" - when: matrix_postgres_backup_enabled|bool + +--- + +# Detect wich databases have to backuped +# Default value is the "matrix_postgres_db_name" +# has to be extended for each service using a seperate db in postgres +# - name: Check if matrix_reminder_bot uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_bot_matrix_reminder_bot_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_bot_matrix_reminder_bot_database_engine == 'postgres' + +# - name: Check if matrix_appservice_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_discord_database_engine == 'postgres' + +# - name: Check if matrix_appservice_irc uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_irc_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_irc_database_engine == 'postgres' + +# - name: Check if matrix_appservice_slack_database uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_slack_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_facebook uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_facebook_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_facebook_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_hangouts uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_hangouts_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_hangouts_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_signal uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_signal_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_signal_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_telegram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_telegram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_telegram_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_whatsapp uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_whatsapp_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_whatsapp_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_discord_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_instagram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_instagram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_instagram_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_skype uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_skype_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_skype_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_slack uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_slack_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_steam uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_steam_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_steam_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_twitter uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_twitter_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_twitter_database_engine == 'postgres' + +# - name: Check if matrix_dimension uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_dimension_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_dimension_database_engine == 'postgres' + +# - name: Check if matrix_etherpad uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_etherpad_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_etherpad_database_engine == 'postgres' + +# - name: Check if matrix_ma1sd uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_ma1sd_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_ma1sd_database_engine == 'postgres' + +# - name: Check if matrix_registration uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_registration_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_registration_database_engine == 'postgres' + +#- name: Build list of all databases to backup - part 1 +# set_fact: +# matrix_postgres_backup_db_list: '{% if item.enabled %}{% if matrix_postgres_backup_db_list=="" %}{{item.dbname}}{% else %}{{ matrix_postgres_backup_db_list }},{{item.dbname}}{% endif %}{% else %}{% endif %}' +# loop: +# - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } + +- name: Build list of all databases to backup - part 2 + set_fact: + matrix_postgres_backup_db_list_prepare: "{% set res = [ ] %}{% for db in matrix_postgres_backup_db_dict %}{% if db.enabled %}{% set ignored = res.append(db.dbname) %}{% endif %}{% endfor %}{{ res }}" + +- name: Build list of all databases to backup - part 1 + set_fact: + matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list_prepare | join(',') }}" + +- name: Going to backup the following list of databases + debug: + msg: "{{ matrix_postgres_backup_db_list }}" + when: matrix_postgres_backup_enabled|bool \ No newline at end of file From d61236213ede5dac8a5c40424ee0eebf245c93c0 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 09:59:18 +0100 Subject: [PATCH 04/44] - Fixed typo --- docs/configuring-playbook-postgres-backup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 282700c4..56992917 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -6,7 +6,7 @@ The playbook can install and configure [docker-postgres-backup-local](https://gi | Name | Default value | Description | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -|matrix_postgres_backaup_enabled|false|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|matrix_postgres_backup_enabled|false|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| |matrix_postgres_backup_schedule| '@daily' |Cron-schedule specifying the interval between postgres backups.| |matrix_postgres_backup_keep_days|"7"|Number of daily backups to keep| |matrix_postgres_backup_keep_weeks|"4"|Number of weekly backups to keep| From 1e45eeab7b35fc495a151ce0d8c39fdf5444148e Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 10:05:07 +0100 Subject: [PATCH 05/44] - fixed typo --- roles/matrix-postgres-backup/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index d01534d0..c1ee08bb 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,4 +1,4 @@ -matrix_postgres_backaup_enabled: false +matrix_postgres_backup_enabled: false matrix_postgres_connection_hostname: "matrix-postgres" matrix_postgres_connection_port: 5432 From ecc6bdb3ca1e479243634665babbed4341615e3a Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 10:18:26 +0100 Subject: [PATCH 06/44] - changed variables names to use role specific one and redefine them using group_vars/matrix_servers --- group_vars/matrix_servers | 17 +++++++++++++++++ roles/matrix-postgres-backup/defaults/main.yml | 8 ++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5d76a60c..2718937c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1407,3 +1407,20 @@ matrix_registration_database_password: "{{ matrix_synapse_macaroon_secret_key | # /matrix-registration # ###################################################################### + +###################################################################### +# +# matrix-postgres-backup +# +###################################################################### + +matrix_postgres_backup_connection_hostname: "{{ matrix_postgres_connection_hostname }}" +matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}" +matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}" +matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}" + +###################################################################### +# +# /matrix-postgres-backup +# +###################################################################### \ No newline at end of file diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index c1ee08bb..f0407286 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -1,9 +1,9 @@ matrix_postgres_backup_enabled: false -matrix_postgres_connection_hostname: "matrix-postgres" -matrix_postgres_connection_port: 5432 -matrix_postgres_connection_username: "matrix" -matrix_postgres_connection_password: "" +matrix_postgres_backup_connection_hostname: "matrix-postgres" +matrix_postgres_backup_connection_port: 5432 +matrix_postgres_backup_connection_username: "matrix" +matrix_postgres_backup_connection_password: "" matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" matrix_postgres_backup_schedule: "@daily" From 604ffe7d7920307719c21b97cf7f75911a54b296 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 10:24:47 +0100 Subject: [PATCH 07/44] - adapted validate_config.yml to use the renamed variables --- .../tasks/validate_config.yml | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml index 91d1783b..bc788db7 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/matrix-postgres-backup/tasks/validate_config.yml @@ -1,25 +1,15 @@ --- -# This is separate (from the other required variables below), -# because we'd like to have a friendlier message for our existing users. -- name: Fail if matrix_postgres_connection_password not defined - fail: - msg: >- - The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes. - You need to perform multiple manual steps to resolve this. - See our changelog for more details: - https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention - when: "matrix_postgres_connection_password == ''" - - name: Fail if required Postgres settings not defined fail: msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: - - "matrix_postgres_connection_hostname" - - "matrix_postgres_connection_username" - - "matrix_postgres_connection_password" + - "matrix_postgres_backup_connection_hostname" + - "matrix_postgres_backup_connection_username" + - "matrix_postgres_backup_connection_password" + - "matrix_postgres_backup_connection_port" - "matrix_postgres_backup_schedule" - "matrix_postgres_backup_keep_days" - "matrix_postgres_backup_keep_weeks" From 43f7d9afb69be1a10b7e1bedf4fc119226b547ec Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 10:49:04 +0100 Subject: [PATCH 08/44] - removed dynamic building of the postgres db list an reused matrix_postgres_additional_databases in group_vars/matrix_servers as source for the list - adjusted env-postgres-backup.j2 to use the new role specific variables --- group_vars/matrix_servers | 2 + .../matrix-postgres-backup/defaults/main.yml | 104 +----------------- .../tasks/setup_postgres_backup.yml | 5 - .../tasks/validate_config.yml | 1 + .../templates/env-postgres-backup.j2 | 8 +- 5 files changed, 9 insertions(+), 111 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2718937c..ec6d726e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1419,6 +1419,8 @@ matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}" matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}" matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}" +matrix_postgres_backup_db_list: "{{ matrix_postgres_additional_databases|map(attribute='name')|join(', ') }}" + ###################################################################### # # /matrix-postgres-backup diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index f0407286..27ef1fd3 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -5,6 +5,8 @@ matrix_postgres_backup_connection_port: 5432 matrix_postgres_backup_connection_username: "matrix" matrix_postgres_backup_connection_password: "" +matrix_postgres_backup_db_list: "" + matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" matrix_postgres_backup_schedule: "@daily" matrix_postgres_backup_keep_days: "7" @@ -17,108 +19,6 @@ matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" -# uses sqlite per default -matrix_postgres_backup_matrix_reminder_bot_enabled: false -matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' - -# uses sqlite per default -matrix_postgres_backup_matrix_appservice_discord_enabled: false -matrix_appservice_discord_database_name: 'matrix_appservice_discord' - -# uses nedb per default -matrix_postgres_backup_matrix_appservice_irc_enabled: false -matrix_appservice_irc_database_name: 'matrix_appservice_irc' - -# uses nedb per default -matrix_postgres_backup_matrix_appservice_slack_enabled: false -matrix_appservice_slack_database_name: 'matrix_appservice_slack' - -# uses postgres per default -matrix_postgres_backup_matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' - -# uses sqlite per default -matrix_postgres_backup_matrix_mautrix_hangouts_enabled: false -matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' - -# uses postgres per default -matrix_postgres_backup_matrix_mautrix_signal_enabled: false -matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' - -# uses sqlite per default -matrix_postgres_backup_matrix_mautrix_telegram_enabled: false -matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' - -# uses sqlite per default -matrix_postgres_backup_matrix_mautrix_whatsapp_enabled: false -matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_discord_enabled: false -matrix_mx_puppet_discord_database_name: 'matrix_mx_puppet_discord' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_instagram_enabled: false -matrix_postgres_backup_matrix_mx_puppet_instagram_name: 'matrix_mx_puppet_instagram' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_skype_enabled: false -matrix_mx_puppet_skype_database_name: 'matrix_mx_puppet_skype' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_slack_enabled: false -matrix_mx_puppet_slack_database_name: 'matrix_mx_puppet_slack' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_database_name: 'matrix_mx_puppet_steam' - -# uses sqlite per default -matrix_postgres_backup_matrix_mx_puppet_twitter_enabled: false -matrix_mx_puppet_twitter_database_name: 'matrix_mx_puppet_twitter' - -# uses sqlite per default -matrix_postgres_backup_matrix_dimension_enabled: false -matrix_dimension_database_name: 'matrix_dimension' - -# uses sqlite per default -matrix_postgres_backup_matrix_etherpad_enabled: false -matrix_etherpad_database_name: 'matrix_etherpad' - -# uses sqlite per default -matrix_postgres_backup_matrix_ma1sd_enabled: false -matrix_ma1sd_database_name: 'matrix_ma1sd' - -# uses sqlite per default -matrix_postgres_backup_matrix_registration_enabled: false -matrix_registration_database_engine: 'matrix_registration' - -# uses postgres per default -matrix_postgres_backup_matrix_synapse_enabled: true -matrix_postgres_db_name: 'matrix' - -matrix_postgres_backup_db_dict: - - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } - - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } - - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } - - matrix_postgres_backup_architecture: amd64 # matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index dc6e68c4..640d4f14 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -3,7 +3,6 @@ # # Tasks related to setting up an internal postgres server # - - import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" when: matrix_postgres_enabled|bool @@ -34,10 +33,6 @@ - "{{ matrix_postgres_backup_path }}" when: matrix_postgres_backup_enabled|bool -#Build database list to backup -- import_tasks: "{{ role_path }}/tasks/build_database_list.yml" - when: matrix_postgres_backup_enabled|bool - - name: Ensure Postgres environment variables file created template: src: "{{ role_path }}/templates/{{ item }}.j2" diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml index bc788db7..4cebdbcf 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/matrix-postgres-backup/tasks/validate_config.yml @@ -15,3 +15,4 @@ - "matrix_postgres_backup_keep_weeks" - "matrix_postgres_backup_keep_months" - "matrix_postgres_backup_path" + - "matrix_postgres_backup_db_list" diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 index 1d617fd3..c532e960 100644 --- a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 +++ b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 @@ -1,7 +1,7 @@ #jinja2: lstrip_blocks: "True" -POSTGRES_USER={{ matrix_postgres_connection_username }} -POSTGRES_PASSWORD={{ matrix_postgres_connection_password }} -POSTGRES_HOST={{ matrix_postgres_connection_hostname }} +POSTGRES_USER={{ matrix_postgres_backup_connection_username }} +POSTGRES_PASSWORD={{ matrix_postgres_backup_connection_password }} +POSTGRES_HOST={{ matrix_postgres_backup_connection_hostname }} POSTGRES_DB={{ matrix_postgres_backup_db_list }} POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }} SCHEDULE={{ matrix_postgres_backup_schedule }} @@ -9,4 +9,4 @@ BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }} BACKUP_KEEP_WEEKS={{ matrix_postgres_backup_keep_weeks }} BACKUP_KEEP_MONTHS={{ matrix_postgres_backup_keep_months }} HEALTHCHECK_PORT={{ matrix_postgres_backup_healthcheck_port }} -POSTGRES_PORT={{ matrix_postgres_connection_port }} \ No newline at end of file +POSTGRES_PORT={{ matrix_postgres_backup_connection_port }} \ No newline at end of file From 11cd1cb0fae76b3e87f6f4a6d0ea423a013c5b43 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 11:40:16 +0100 Subject: [PATCH 09/44] - removed matrix_postgres_backup_db_list variable - add matrix_postgres_backup_databases to be build on top of matrix_postgres_additional_databases - POSTGRES_DB is now directly set from matrix_postgres_backup_databases while building the templates/env-postgres-backup.j2 --- group_vars/matrix_servers | 12 +++++++++++- roles/matrix-postgres-backup/defaults/main.yml | 3 +-- .../matrix-postgres-backup/tasks/validate_config.yml | 2 +- .../templates/env-postgres-backup.j2 | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ec6d726e..b632b0d7 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1419,7 +1419,17 @@ matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}" matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}" matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}" -matrix_postgres_backup_db_list: "{{ matrix_postgres_additional_databases|map(attribute='name')|join(', ') }}" +# the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used +matrix_postgres_backup_databases: | + {{ + ([{ + 'name': matrix_synapse_database_database, + 'username': matrix_synapse_database_user, + 'password': matrix_synapse_database_password, + }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + + + matrix_postgres_additional_databases + }} ###################################################################### # diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index 27ef1fd3..cfa690a3 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -5,8 +5,6 @@ matrix_postgres_backup_connection_port: 5432 matrix_postgres_backup_connection_username: "matrix" matrix_postgres_backup_connection_password: "" -matrix_postgres_backup_db_list: "" - matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" matrix_postgres_backup_schedule: "@daily" matrix_postgres_backup_keep_days: "7" @@ -15,6 +13,7 @@ matrix_postgres_backup_keep_months: "12" matrix_postgres_backup_healthcheck_port: "8080" matrix_postgres_backup_db_list: "" matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" +matrix_postgres_backup_databases: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml index 4cebdbcf..fda9b919 100644 --- a/roles/matrix-postgres-backup/tasks/validate_config.yml +++ b/roles/matrix-postgres-backup/tasks/validate_config.yml @@ -15,4 +15,4 @@ - "matrix_postgres_backup_keep_weeks" - "matrix_postgres_backup_keep_months" - "matrix_postgres_backup_path" - - "matrix_postgres_backup_db_list" + - "matrix_postgres_backup_databases" diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 index c532e960..979d3762 100644 --- a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 +++ b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 @@ -2,7 +2,7 @@ POSTGRES_USER={{ matrix_postgres_backup_connection_username }} POSTGRES_PASSWORD={{ matrix_postgres_backup_connection_password }} POSTGRES_HOST={{ matrix_postgres_backup_connection_hostname }} -POSTGRES_DB={{ matrix_postgres_backup_db_list }} +POSTGRES_DB={{ matrix_postgres_backup_databases|map(attribute='name')|join(', ') }} POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }} SCHEDULE={{ matrix_postgres_backup_schedule }} BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }} From 76fbc59b6139c99ac267d747fff8a8f678dc0981 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Tue, 16 Mar 2021 11:50:01 +0100 Subject: [PATCH 10/44] - adapted documentation - removed build_database_list.yml --- docs/configuring-playbook-postgres-backup.md | 20 -- .../tasks/build_database_list.yml | 176 ------------------ 2 files changed, 196 deletions(-) delete mode 100644 roles/matrix-postgres-backup/tasks/build_database_list.yml diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 56992917..7be0064f 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -12,26 +12,6 @@ The playbook can install and configure [docker-postgres-backup-local](https://gi |matrix_postgres_backup_keep_weeks|"4"|Number of weekly backups to keep| |matrix_postgres_backup_keep_months|"12"|Number of monthly backups to keep| |matrix_postgres_backup_path | "{{ matrix_base_data_path }}/postgres-backup" | Storagepath for the database backups| -|matrix_postgres_backup_matrix_reminder_bot_enabled| false | Set to true to backup matrix_reminder_bot database. Per default matrix-reminder-bot uses an sqlite database. Only use this if you are using a postgres database for matrix-reminder-bot. | -|matrix_postgres_backup_matrix_appservice_discord_enabled| false | Set to true to backup matrix_appservice_discord database. Per default matrix_appservice_discord uses an sqlite database. Only use this if you are using a postgres database for matrix_appservice_discord. | -|matrix_postgres_backup_matrix_appservice_irc_enabled| false | Set to true to backup matrix_appservice_irc database. Per default matrix_appservice_irc uses an nedb database. Only use this if you are using a postgres database for matrix_appservice_irc. | -|matrix_postgres_backup_matrix_appservice_slack_enabled| false | Set to true to backup matrix_appservice_slack database. Per default matrix_appservice_slack uses an nedb database. Only use this if you are using a postgres database for matrix_appservice_slack. | -|matrix_postgres_backup_matrix_mautrix_facebook_enabled| false | Set to true to backup matrix_mautrix_facebook database. Per default matrix_mautrix_facebook uses an postgresned database. | -|matrix_postgres_backup_matrix_mautrix_hangouts_enabled| false | Set to true to backup _matrix_mautrix_hangouts database. Per default _matrix_mautrix_hangouts uses an sqlite database. Only use this if you are using a postgres database for _matrix_mautrix_hangouts. | -|matrix_postgres_backup_matrix_mautrix_signal_enabled| false | Set to true to backup matrix_mautrix_signal database. Per default matrix_mautrix_signal uses an postgres database. | -|matrix_postgres_backup_matrix_mautrix_telegram_enabled| false | Set to true to backup matrix_mautrix_telegram database. Per default matrix_mautrix_telegram uses an sqlite database. Only use this if you are using a postgres database for matrix_mautrix_telegram. | -|matrix_postgres_backup_matrix_mautrix_whatsapp_enabled| false | Set to true to backup matrix_mautrix_whatsapp database. Per default matrix_mautrix_whatsapp uses an sqlite database. Only use this if you are using a postgres database for matrix_mautrix_whatsapp. | -|matrix_postgres_backup_matrix_mx_puppet_discord_enabled| false | Set to true to backup matrix_mx_puppet_discord database. Per default matrix_mx_puppet_discord uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_discord. | -|matrix_postgres_backup_matrix_mx_puppet_instagram_enabled| false | Set to true to backup matrix_mx_puppet_instagram database. Per default matrix_mx_puppet_instagram uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_instagram. | -|matrix_postgres_backup_matrix_mx_puppet_skype_enabled| false | Set to true to backup matrix_mx_puppet_skype database. Per default matrix_mx_puppet_skype uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_skype. | -|matrix_postgres_backup_matrix_mx_puppet_slack_enabled| false | Set to true to backup matrix_mx_puppet_slack database. Per default matrix_mx_puppet_slack uses an sqlite database. Only use this if you -|matrix_postgres_backup_matrix_mx_puppet_steam_enabled| false | Set to true to backup matrix_mx_puppet_steam database. Per default matrix_mx_puppet_steam uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_steam. | -|matrix_postgres_backup_matrix_mx_puppet_twitter_enabled| false | Set to true to backup matrix_mx_puppet_twitter database. Per default matrix_mx_puppet_twitter uses an sqlite database. Only use this if you are using a postgres database for matrix_mx_puppet_twitter. | -|matrix_postgres_backup_matrix_dimension_enabled| false | Set to true to backup matrix_dimension database. Per default matrix_dimension uses an sqlite database. Only use this if you are using a postgres database for matrix_dimension. | -|matrix_postgres_backup_matrix_etherpad_enabled| false | Set to true to backup matrix_etherpad database. Per default matrix_etherpad uses an sqlite database. Only use this if you are using a postgres database for matrix_etherpad. | -|matrix_postgres_backup_matrix_ma1sd_enabled| false | Set to true to backup matrix_ma1sd database. Per default matrix_ma1sd uses an sqlite database. Only use this if you are using a postgres database for matrix_ma1sd. | -|matrix_postgres_backup_matrix_registration_enabled| false | Set to true to backup matrix_registration database. Per default matrix_registration uses an sqlite database. Only use this if you are using a postgres database for matrix_registration. | -|matrix_postgres_backup_matrix_synapse_enabled| true | Set to false to disabble backup of matrix_synapse database. | ## Installing diff --git a/roles/matrix-postgres-backup/tasks/build_database_list.yml b/roles/matrix-postgres-backup/tasks/build_database_list.yml deleted file mode 100644 index e1be70a0..00000000 --- a/roles/matrix-postgres-backup/tasks/build_database_list.yml +++ /dev/null @@ -1,176 +0,0 @@ - ---- - -# Detect wich databases have to backuped -# Default value is the "matrix_postgres_db_name" -# has to be extended for each service using a seperate db in postgres -# - name: Check if matrix_reminder_bot uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_bot_matrix_reminder_bot_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_bot_matrix_reminder_bot_database_engine == 'postgres' - -# - name: Check if matrix_appservice_discord uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_discord_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_discord_database_engine == 'postgres' - -# - name: Check if matrix_appservice_irc uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_irc_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_irc_database_engine == 'postgres' - -# - name: Check if matrix_appservice_slack_database uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_slack_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_appservice_slack_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_facebook uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_facebook_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_facebook_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_hangouts uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_hangouts_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_hangouts_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_signal uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_signal_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_signal_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_telegram uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_telegram_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_telegram_database_engine == 'postgres' - -# - name: Check if matrix_mautrix_whatsapp uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_whatsapp_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mautrix_whatsapp_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_discord uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_discord_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_discord_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_instagram uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_instagram_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_instagram_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_skype uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_skype_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_skype_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_slack uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_slack_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_slack_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_steam uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_steam_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_steam_database_engine == 'postgres' - -# - name: Check if matrix_mx_puppet_twitter uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_twitter_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_mx_puppet_twitter_database_engine == 'postgres' - -# - name: Check if matrix_dimension uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_dimension_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_dimension_database_engine == 'postgres' - -# - name: Check if matrix_etherpad uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_etherpad_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_etherpad_database_engine == 'postgres' - -# - name: Check if matrix_ma1sd uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_ma1sd_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_ma1sd_database_engine == 'postgres' - -# - name: Check if matrix_registration uses postgres database -# set_fact: -# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_registration_database_name }}" -# when: -# - matrix_postgres_backup_enabled|bool -# - matrix_registration_database_engine == 'postgres' - -#- name: Build list of all databases to backup - part 1 -# set_fact: -# matrix_postgres_backup_db_list: '{% if item.enabled %}{% if matrix_postgres_backup_db_list=="" %}{{item.dbname}}{% else %}{{ matrix_postgres_backup_db_list }},{{item.dbname}}{% endif %}{% else %}{% endif %}' -# loop: -# - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } -# - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } - -- name: Build list of all databases to backup - part 2 - set_fact: - matrix_postgres_backup_db_list_prepare: "{% set res = [ ] %}{% for db in matrix_postgres_backup_db_dict %}{% if db.enabled %}{% set ignored = res.append(db.dbname) %}{% endif %}{% endfor %}{{ res }}" - -- name: Build list of all databases to backup - part 1 - set_fact: - matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list_prepare | join(',') }}" - -- name: Going to backup the following list of databases - debug: - msg: "{{ matrix_postgres_backup_db_list }}" - when: matrix_postgres_backup_enabled|bool - \ No newline at end of file From bab8b950ca6f1ced159a35a810cca646d9f5cf6d Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 23 Mar 2021 22:46:08 -0500 Subject: [PATCH 11/44] Add mjolnir --- README.md | 2 + docs/configuring-playbook-bot-mjolnir.md | 70 ++++++++ docs/container-images.md | 2 + group_vars/matrix_servers | 23 +++ roles/matrix-bot-mjolnir/defaults/main.yml | 52 ++++++ roles/matrix-bot-mjolnir/tasks/init.yml | 3 + roles/matrix-bot-mjolnir/tasks/main.yml | 21 +++ .../tasks/setup_install.yml | 50 ++++++ .../tasks/setup_uninstall.yml | 35 ++++ .../tasks/validate_config.yml | 9 + .../templates/production.yaml.j2 | 162 ++++++++++++++++++ .../systemd/matrix-bot-mjolnir.service.j2 | 39 +++++ setup.yml | 1 + 13 files changed, 469 insertions(+) create mode 100644 docs/configuring-playbook-bot-mjolnir.md create mode 100644 roles/matrix-bot-mjolnir/defaults/main.yml create mode 100644 roles/matrix-bot-mjolnir/tasks/init.yml create mode 100644 roles/matrix-bot-mjolnir/tasks/main.yml create mode 100644 roles/matrix-bot-mjolnir/tasks/setup_install.yml create mode 100644 roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-mjolnir/tasks/validate_config.yml create mode 100644 roles/matrix-bot-mjolnir/templates/production.yaml.j2 create mode 100644 roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 diff --git a/README.md b/README.md index 9a272687..301e7f05 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation +- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation + - (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation - (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md new file mode 100644 index 00000000..d58e2312 --- /dev/null +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -0,0 +1,70 @@ +# Setting up Mjolnir (optional) + +The playbook can install and configure [Mjolnir](https://github.com/matrix-org/mjolnir) for you. + +Mjolnir is a moderation tool for Matrix. + +See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you. + + +## Registering the bot user + +The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver. + +You **need to register the bot user manually** before setting up the bot. + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + + +## Getting an access token + +If you use curl, you can get an access token like this: + +``` +curl -X POST --header 'Content-Type: application/json' -d '{ + "identifier": { "type": "m.id.user", "user": "bot.mjolnir" }, + "password": "PASSWORD_FOR_THE_BOT", + "type": "m.login.password" +}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' +``` + +Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start). + + +## Make sure account is free from rate limiting + +TODO + +``` +insert into ratelimit_override values ("@bot.mjolnir:DOMAIN", 0, 0); +``` + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +TODO +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +TODO + +You can also refer to the upstream [documentation](https://github.com/matrix-org/mjolnir). diff --git a/docs/container-images.md b/docs/container-images.md index ee9cbd3c..7cc7c2f6 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -90,6 +90,8 @@ These services are not part of our default installation, but can be enabled by [ - [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional) +- [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional) + - [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional) - [prom/prometheus](https://hub.docker.com/r/prom/prometheus/) - [Prometheus](https://github.com/prometheus/prometheus/) is a systems and service monitoring system diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a6c433cb..63089030 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -768,6 +768,29 @@ matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_en ###################################################################### +###################################################################### +# +# matrix-bot-mjolnir +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_mjolnir_enabled: false + +matrix_bot_mjolnir_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +###################################################################### +# +# /matrix-bot-mjolnir +# +###################################################################### + + ###################################################################### # # matrix-corporal diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml new file mode 100644 index 00000000..e7b54364 --- /dev/null +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -0,0 +1,52 @@ +# A moderation tool for Matrix +# See: https://github.com/matrix-org/mjolnir + +matrix_bot_mjolnir_enabled: true +matrix_bot_mjolnir_version: "v0.1.17" +matrix_bot_mjolnir_docker_image: "docker.io/matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}" +matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}" + +matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir" +matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config" +matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data" + +# A list of extra arguments to pass to the container +matrix_bot_mjolnir_container_extra_arguments: [] + +# List of systemd services that matrix-bot-mjolnir.service depends on +matrix_bot_mjolnir_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-mjolnir.service wants +matrix_bot_mjolnir_systemd_wanted_services_list: [] + +# The access token for the bot user +matrix_bot_mjolnir_access_token: "" + +# The room ID where people can use the bot. The bot has no access controls, so +# anyone in this room can use the bot - secure your room! +# This should be a room alias or room ID - not a matrix.to URL. +# Note: Mjolnir is fairly verbose - expect a lot of messages from it. +matrix_bot_mjolnir_management_room: "" + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_bot_mjolnir_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_bot_mjolnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}" + +matrix_bot_mjolnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_mjolnir_configuration_yaml`. + +matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration_extension_yaml|from_yaml if matrix_bot_mjolnir_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. +matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" + diff --git a/roles/matrix-bot-mjolnir/tasks/init.yml b/roles/matrix-bot-mjolnir/tasks/init.yml new file mode 100644 index 00000000..d54684d2 --- /dev/null +++ b/roles/matrix-bot-mjolnir/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}" + when: matrix_bot_mjolnir_enabled|bool diff --git a/roles/matrix-bot-mjolnir/tasks/main.yml b/roles/matrix-bot-mjolnir/tasks/main.yml new file mode 100644 index 00000000..eada8de5 --- /dev/null +++ b/roles/matrix-bot-mjolnir/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool" + tags: + - setup-all + - setup-bot-mjolnir + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool" + tags: + - setup-all + - setup-bot-mjolnir + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_mjolnir_enabled|bool" + tags: + - setup-all + - setup-bot-mjolnir diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml new file mode 100644 index 00000000..4c18bf6a --- /dev/null +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -0,0 +1,50 @@ +--- + +- set_fact: + matrix_bot_mjolnir_requires_restart: false + +- name: Ensure matrix-bot-mjolnir paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } + - { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } + - { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } + when: "item.when|bool" + +- name: Ensure mjolnir image is pulled + docker_image: + name: "{{ matrix_bot_mjolnir_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" + +- name: Ensure matrix-bot-mjolnir config installed + copy: + content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml }}" + dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-bot-mjolnir.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + mode: 0644 + register: matrix_bot_mjolnir_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation + service: + daemon_reload: yes + when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-mjolnir.service restarted, if necessary + service: + name: "matrix-bot-mjolnir.service" + state: restarted + when: "matrix_bot_mjolnir_requires_restart|bool" diff --git a/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml new file mode 100644 index 00000000..7127543e --- /dev/null +++ b/roles/matrix-bot-mjolnir/tasks/setup_uninstall.yml @@ -0,0 +1,35 @@ +--- + +- name: Check existence of matrix-bot-mjolnir service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + register: matrix_bot_mjolnir_service_stat + +- name: Ensure matrix-bot-mjolnir is stopped + service: + name: matrix-bot-mjolnir + state: stopped + daemon_reload: yes + register: stopping_result + when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-mjolnir.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service" + state: absent + when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal + service: + daemon_reload: yes + when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-mjolnir paths don't exist + file: + path: "{{ matrix_bot_mjolnir_base_path }}" + state: absent + +- name: Ensure mjolnir Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_mjolnir_docker_image }}" + state: absent diff --git a/roles/matrix-bot-mjolnir/tasks/validate_config.yml b/roles/matrix-bot-mjolnir/tasks/validate_config.yml new file mode 100644 index 00000000..cb961baf --- /dev/null +++ b/roles/matrix-bot-mjolnir/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required variables are undefined + fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_bot_mjolnir_access_token" + - "matrix_bot_mjolnir_management_room" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/matrix-bot-mjolnir/templates/production.yaml.j2 b/roles/matrix-bot-mjolnir/templates/production.yaml.j2 new file mode 100644 index 00000000..e5eb3aea --- /dev/null +++ b/roles/matrix-bot-mjolnir/templates/production.yaml.j2 @@ -0,0 +1,162 @@ +# Where the homeserver is located (client-server URL). This should point at +# pantalaimon if you're using that. +homeserverUrl: "{{ matrix_homeserver_url }}" + +# The access token for the bot to use. Do not populate if using Pantalaimon. +accessToken: "{{ matrix_bot_mjolnir_access_token }}" + +# Pantalaimon options (https://github.com/matrix-org/pantalaimon) +#pantalaimon: +# # If true, accessToken above is ignored and the username/password below will be +# # used instead. The access token of the bot will be stored in the dataPath. +# use: false +# +# # The username to login with. +# username: mjolnir +# +# # The password to login with. Can be removed after the bot has logged in once and +# # stored the access token. +# password: your_password + +# The directory the bot should store various bits of information in +dataPath: "/data" + +# If true (the default), only users in the `managementRoom` can invite the bot +# to new rooms. +autojoinOnlyIfManager: true + +# If `autojoinOnlyIfManager` is false, only the members in this group can invite +# the bot to new rooms. +#acceptInvitesFromGroup: '+example:example.org' + +# If the bot is invited to a room and it won't accept the invite (due to the +# conditions above), report it to the management room. Defaults to disabled (no +# reporting). +recordIgnoredInvites: false + +# The room ID where people can use the bot. The bot has no access controls, so +# anyone in this room can use the bot - secure your room! +# This should be a room alias or room ID - not a matrix.to URL. +# Note: Mjolnir is fairly verbose - expect a lot of messages from it. +managementRoom: "{{ matrix_bot_mjolnir_management_room }}" + +# Set to false to make the management room a bit quieter. +verboseLogging: false + +# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR. +# This should be at INFO or DEBUG in order to get support for Mjolnir problems. +logLevel: "INFO" + +# Set to false to disable synchronizing the ban lists on startup. If true, this +# is the same as running !mjolnir sync immediately after startup. +syncOnStartup: true + +# Set to false to prevent Mjolnir from checking its permissions on startup. This +# is recommended to be left as "true" to catch room permission problems (state +# resets, etc) before Mjolnir is needed. +verifyPermissionsOnStartup: true + +# If true, Mjolnir won't actually ban users or apply server ACLs, but will +# think it has. This is useful to see what it does in a scenario where the +# bot might not be trusted fully, yet. Default false (do bans/ACLs). +noop: false + +# Set to true to use /joined_members instead of /state to figure out who is +# in the room. Using /state is preferred because it means that users are +# banned when they are invited instead of just when they join, though if your +# server struggles with /state requests then set this to true. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to automatically redact a user's +# messages for. Typically this is useful to avoid having to type two commands +# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match +# "spam for testing" as well as "spamtesting"). +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# A list of rooms to protect (matrix.to URLs) +#protectedRooms: +# - "https://matrix.to/#/#yourroom:example.org" + +# Set this option to true to protect every room the bot is joined to. Note that +# this effectively makes the protectedRooms and associated commands useless because +# the bot by nature must be joined to the room to protect it. +# +# Note: the management room is *excluded* from this condition. Add it to the +# protected rooms to protect it. +# +# Note: ban list rooms the bot is watching but didn't create will not be protected. +# Manually add these rooms to the protected rooms list if you want them protected. +protectAllJoinedRooms: false + +# Misc options for command handling and commands +commands: + # If true, Mjolnir will respond to commands like !help and !ban instead of + # requiring a prefix. This is useful if Mjolnir is the only bot running in + # your management room. + # + # Note that Mjolnir can be pinged by display name instead of having to use + # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will ban a user. + allowNoPrefix: false + + # In addition to the bot's display name, !mjolnir, and optionally no prefix + # above, the bot will respond to these names. The items here can be used either + # as display names or prefixed with exclamation points. + additionalPrefixes: + - "mjolnir_bot" + + # If true, ban commands that use wildcard characters require confirmation with + # an extra `--force` argument + confirmWildcardBan: true + +# Configuration specific to certain toggleable protections +#protections: +# # Configuration for the wordlist plugin, which can ban users based if they say certain +# # blocked words shortly after joining. +# wordlist: +# # A list of words which should be monitored by the bot. These will match if any part +# # of the word is present in the message in any case. e.g. "hello" also matches +# # "HEllO". Additionally, regular expressions can be used. +# words: +# - "CaSe" +# - "InSeNsAtIve" +# - "WoRd" +# - "LiSt" +# +# # How long after a user joins the server should the bot monitor their messages. After +# # this time, users can say words from the wordlist without being banned automatically. +# # Set to zero to disable (users will always be banned if they say a bad word) +# minutesBeforeTrusting: 20 + +# Options for monitoring the health of the bot +health: + # healthz options. These options are best for use in container environments + # like Kubernetes to detect how healthy the service is. The bot will report + # that it is unhealthy until it is able to process user requests. Typically + # this means that it'll flag itself as unhealthy for a number of minutes + # before saying "Now monitoring rooms" and flagging itself healthy. + # + # Health is flagged through HTTP status codes, defined below. + healthz: + # Whether the healthz integration should be enabled (default false) + enabled: false + + # The port to expose the webserver on. Defaults to 8080. + port: 8080 + + # The address to listen for requests on. Defaults to all addresses. + address: "0.0.0.0" + + # The path to expose the monitoring endpoint at. Defaults to `/healthz` + endpoint: "/healthz" + + # The HTTP status code which reports that the bot is healthy/ready to + # process requests. Typically this should not be changed. Defaults to + # 200. + healthyStatus: 200 + + # The HTTP status code which reports that the bot is not healthy/ready. + # Defaults to 418. + unhealthyStatus: 418 diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 new file mode 100644 index 00000000..c2294daa --- /dev/null +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -0,0 +1,39 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mjolnir bot +{% for service in matrix_bot_mjolnir_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_mjolnir_systemd_required_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_bot_mjolnir_config_path }},dst=/data/config,ro \ + --mount type=bind,src={{ matrix_bot_mjolnir_data_path }},dst=/data \ + {% for arg in matrix_bot_mjolnir_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_mjolnir_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-mjolnir + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c4a203cc..683f1955 100755 --- a/setup.yml +++ b/setup.yml @@ -34,6 +34,7 @@ - matrix-bridge-sms - matrix-bot-matrix-reminder-bot - matrix-bot-go-neb + - matrix-bot-mjolnir - matrix-synapse - matrix-synapse-admin - matrix-prometheus-node-exporter From 3a772f2f657ccd921e644798638810f6d8e3108f Mon Sep 17 00:00:00 2001 From: Christoph Johannes Kleine Date: Tue, 30 Mar 2021 14:11:20 +0200 Subject: [PATCH 12/44] matrix-nginx-proxy: add custom nginx options to nginx.conf.j2 --- roles/matrix-nginx-proxy/defaults/main.yml | 9 +++++++++ roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 | 7 ++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 004a1ec1..6cb507af 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -227,9 +227,18 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_s # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}" +# A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). +# for big matrixservers to enlarge the number of open files to prevent timeouts +# matrix_nginx_proxy_proxy_additional_server_configuration_blocks: +# - 'worker_rlimit_nofile 30000;' +matrix_nginx_proxy_proxy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf). matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf). +matrix_nginx_proxy_proxy_event_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the base matrix server configuration (matrix-domain.conf). matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index c35f9b24..e905e30a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 @@ -11,10 +11,15 @@ worker_processes {{ matrix_nginx_proxy_worker_processes }}; error_log /var/log/nginx/error.log warn; pid /tmp/nginx.pid; - +{% for configuration_block in matrix_nginx_proxy_proxy_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} events { worker_connections {{ matrix_nginx_proxy_worker_connections }}; +{% for configuration_block in matrix_nginx_proxy_proxy_event_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} } From 8ba1105010b44c569956aa7bd99f8d7d6700cd76 Mon Sep 17 00:00:00 2001 From: Christoph Johannes Kleine Date: Tue, 30 Mar 2021 15:59:10 +0200 Subject: [PATCH 13/44] rename variable --- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 6cb507af..770468d0 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -229,9 +229,9 @@ matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_f # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). # for big matrixservers to enlarge the number of open files to prevent timeouts -# matrix_nginx_proxy_proxy_additional_server_configuration_blocks: +# matrix_nginx_proxy_proxy_additional_configuration_blocks: # - 'worker_rlimit_nofile 30000;' -matrix_nginx_proxy_proxy_additional_server_configuration_blocks: [] +matrix_nginx_proxy_proxy_additional_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf). matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: [] From fcd66b2889865ba384fd07bf674102e952a3900b Mon Sep 17 00:00:00 2001 From: Christoph Johannes Kleine Date: Tue, 30 Mar 2021 16:41:32 +0200 Subject: [PATCH 14/44] rename variables --- roles/matrix-nginx-proxy/defaults/main.yml | 6 +++--- roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 770468d0..440f7a32 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -233,12 +233,12 @@ matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_f # - 'worker_rlimit_nofile 30000;' matrix_nginx_proxy_proxy_additional_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf). +matrix_nginx_proxy_proxy_event_additional_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf). matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: [] -# A list of strings containing additional configuration blocks to add to the nginx event server configuration (nginx.conf). -matrix_nginx_proxy_proxy_event_additional_server_configuration_blocks: [] - # A list of strings containing additional configuration blocks to add to the base matrix server configuration (matrix-domain.conf). matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index e905e30a..dae83ab9 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 @@ -11,13 +11,13 @@ worker_processes {{ matrix_nginx_proxy_worker_processes }}; error_log /var/log/nginx/error.log warn; pid /tmp/nginx.pid; -{% for configuration_block in matrix_nginx_proxy_proxy_additional_server_configuration_blocks %} +{% for configuration_block in matrix_nginx_proxy_proxy_additional_configuration_blocks %} {{- configuration_block }} {% endfor %} events { worker_connections {{ matrix_nginx_proxy_worker_connections }}; -{% for configuration_block in matrix_nginx_proxy_proxy_event_additional_server_configuration_blocks %} +{% for configuration_block in matrix_nginx_proxy_proxy_event_additional_configuration_blocks %} {{- configuration_block }} {% endfor %} } From 1ecee625d51797d265729f251a95febb8ec8ebc1 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 17:07:24 -0500 Subject: [PATCH 15/44] Depend on more services, add a delay --- group_vars/matrix_servers | 4 ++++ .../templates/systemd/matrix-bot-mjolnir.service.j2 | 3 +++ 2 files changed, 7 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 63089030..6b1d413e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -782,6 +782,10 @@ matrix_bot_mjolnir_systemd_required_services_list: | ['docker.service'] + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} ###################################################################### diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index c2294daa..0b018f25 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -16,6 +16,9 @@ Environment="HOME={{ matrix_systemd_unit_home_path }}" ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ From b5fb98dd284a8559da874b063a2130f18fd9f9c7 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 17:55:46 -0500 Subject: [PATCH 16/44] Write some docs --- docs/configuring-playbook-bot-mjolnir.md | 78 ++++++++++++++++++------ docs/configuring-playbook.md | 2 + 2 files changed, 63 insertions(+), 17 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index d58e2312..ee12249a 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -1,15 +1,15 @@ # Setting up Mjolnir (optional) -The playbook can install and configure [Mjolnir](https://github.com/matrix-org/mjolnir) for you. - -Mjolnir is a moderation tool for Matrix. +The playbook can install and configure the [Mjolnir](https://github.com/matrix-org/mjolnir) moderation bot for you. See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you. +Note: the playbook does not currently support the Mjolnir Synapse module. The playbook does support another antispam module, see [Setting up Synapse Simple Antispam](docs/configuring-playbook-synapse-simple-antispam.md). -## Registering the bot user -The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver. +## 1. Registering the bot user + +The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. You **need to register the bot user manually** before setting up the bot. @@ -21,8 +21,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` - -## Getting an access token +## 2. Get an access token If you use curl, you can get an access token like this: @@ -34,29 +33,60 @@ curl -X POST --header 'Content-Type: application/json' -d '{ }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' ``` -Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start). +Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token). -## Make sure account is free from rate limiting +## 3. Make sure the account is free from rate limiting -TODO +You will need to prevent Synapse from rate limiting the bot's account is not rate limited by Synapse. This is not an optional step. If you do not do this step mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. + +1. Copy the statement below into a text editor. + + ``` + INSERT INTO ratelimit_override VALUES ("@bot.mjolnir:DOMAIN", 0, 0); + ``` + +1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain. + +1. Get a database terminal by following these steps: [docs/maintenance-postgres.md#getting-a-database-terminal](docs/maintenance-postgres.md#getting-a-database-terminal) + +1. Connect to Synapse's database by typing `\connect synapse` into the database terminal + +1. Paste in the `INSERT INTO` command that you edited and press enter. + +You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this: ``` -insert into ratelimit_override values ("@bot.mjolnir:DOMAIN", 0, 0); + user_id | messages_per_second | burst_count +-----------------------+---------------------+------------- + @bot.mjolnir:raim.ist | 0 | 0` ``` +then you did it correctly. -## Adjusting the playbook configuration +## 5. Create a management room + +Using your own account, create a new room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. + +Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. + +## 4. Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): +You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_5_GOES_HERE` with the your own values. + ```yaml -TODO +matrix_bot_mjolnir_enabled: true + +matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" + +matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_5_GOES_HERE" ``` -## Installing +## 5. Installing -After configuring the playbook, run the [installation](installing.md) command again: +After configuring the playbook, run the [installation](installing.md) command: ``` ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start @@ -65,6 +95,20 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -TODO +You can refer to the upstream [documentation](https://github.com/matrix-org/mjolnir) for additional ways to use and configure mjolnir. Check out their [quickstart guide](https://github.com/matrix-org/mjolnir#quickstart-guide) for some basic commands you can give to the bot. -You can also refer to the upstream [documentation](https://github.com/matrix-org/mjolnir). +You can configure additional options by adding the `matrix_bot_mjolnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. + +For example to change mjolnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file. + +```yaml +matrix_bot_mjolnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_mjolnir_configuration_yaml`. + recordIgnoredInvites: true +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 721735d5..9e9c442d 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -85,6 +85,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) +- [Setting up Mjolnir](configuring-playbook-bot-mjolnir) (optional, advanced) + ### Bridging other networks From c43bd412ddf6746426dbba9e46719fc7a2ecddf1 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:08:08 -0500 Subject: [PATCH 17/44] Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index b4622478..cb891819 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -501,7 +501,7 @@ matrix_synapse_ext_password_provider_ldap_filter: "" # See: https://github.com/t2bot/synapse-simple-antispam matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled: false matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url: "https://github.com/t2bot/synapse-simple-antispam" -matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "f058d9ce2c7d4195ae461dcdd02df11a2d06a36b" +matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version: "923ca5c85b08f157181721abbae50dd89c31e4b5" matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers: [] matrix_s3_media_store_enabled: false From 219c2fdb12a772937cdd9857e14559bb333415a3 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:11:05 -0500 Subject: [PATCH 18/44] Fix paths --- docs/configuring-playbook-bot-mjolnir.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index ee12249a..3703ba7a 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -4,7 +4,7 @@ The playbook can install and configure the [Mjolnir](https://github.com/matrix-o See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you. -Note: the playbook does not currently support the Mjolnir Synapse module. The playbook does support another antispam module, see [Setting up Synapse Simple Antispam](docs/configuring-playbook-synapse-simple-antispam.md). +Note: the playbook does not currently support the Mjolnir Synapse module. The playbook does support another antispam module, see [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md). ## 1. Registering the bot user @@ -48,7 +48,7 @@ You will need to prevent Synapse from rate limiting the bot's account is not rat 1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain. -1. Get a database terminal by following these steps: [docs/maintenance-postgres.md#getting-a-database-terminal](docs/maintenance-postgres.md#getting-a-database-terminal) +1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal) 1. Connect to Synapse's database by typing `\connect synapse` into the database terminal From 12a120e175a57d77ac50a0b1547e779d58bfd8a5 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:14:52 -0500 Subject: [PATCH 19/44] how do words good --- docs/configuring-playbook-bot-mjolnir.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 3703ba7a..51a0af68 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -38,7 +38,7 @@ Alternatively, you can use a full-featured client (such as Element) to log in an ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account is not rate limited by Synapse. This is not an optional step. If you do not do this step mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. 1. Copy the statement below into a text editor. From 11c93682dbcc279765ed043a144d6cf2b9780344 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:26:50 -0500 Subject: [PATCH 20/44] YOURDOMAIN -> DOMAIN --- docs/configuring-playbook-bot-mjolnir.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 51a0af68..033b883a 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -21,6 +21,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` + ## 2. Get an access token If you use curl, you can get an access token like this: @@ -30,7 +31,7 @@ curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user", "user": "bot.mjolnir" }, "password": "PASSWORD_FOR_THE_BOT", "type": "m.login.password" -}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' +}' 'https://matrix.DOMAIN/_matrix/client/r0/login' ``` Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token). @@ -38,7 +39,7 @@ Alternatively, you can use a full-featured client (such as Element) to log in an ## 3. Make sure the account is free from rate limiting -You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps. 1. Copy the statement below into a text editor. @@ -63,12 +64,14 @@ You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the outp ``` then you did it correctly. + ## 5. Create a management room Using your own account, create a new room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. + ## 4. Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): From b084a35e9dd12d9d744f795f52234aeda9341e91 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:40:42 -0500 Subject: [PATCH 21/44] Add note about making bot a server admin --- docs/configuring-playbook-bot-mjolnir.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 033b883a..2b0f1ddc 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -21,6 +21,8 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` +If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. + ## 2. Get an access token From 81dddd2e2501018b1fea7b4d779c4b3c5dae317a Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 18:43:30 -0500 Subject: [PATCH 22/44] Upgrade Element (1.7.24 -> 1.7.24.1) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 337c48d1..b6c3ce98 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.7.24 +matrix_client_element_version: v1.7.24.1 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From f85054fd802ebbe4bcc48903e9dc8151ed7b5a66 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 19:10:53 -0500 Subject: [PATCH 23/44] Add some advice about making Synapse faster Also removes some duplicate table of contents entries in maintenance-synapse.md --- docs/maintenance-synapse.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index 143238c1..a1060498 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -6,13 +6,11 @@ Table of contents: - [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api), for when you wish to delete in-use (but old) data from the Synapse database -- [Synapse maintenance](#synapse-maintenance) - - [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api) - - [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state) - - [Browse and manipulate the database](#browse-and-manipulate-the-database) +- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state) - [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands +- [Make Synapse faster](#make-synapse-faster) ## Purging old data with the Purge History API @@ -73,3 +71,11 @@ docker run --rm --publish 1799:8080 --link matrix-postgres --net matrix adminer You should then be able to browse the adminer database administration GUI at http://localhost:1799/ after entering your DB credentials (found in the `host_vars` or on the server in `{{matrix_synapse_config_dir_path}}/homeserver.yaml` under `database.args`) ⚠️ Be **very careful** with this, there is **no undo** for impromptu DB operations. + +## Make Synapse faster + +Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_use_presence: false` to your `vars.yml` file. + +Tuning Synapse's cache factor can help reduce RAM usage. See the upstream documentation for more information on what value to set this to https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. + +See also [How do I optimize this setup for a low-power server?](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server). From c86cc1138640689549470e8738eafda6386b9b5e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 19:26:41 -0500 Subject: [PATCH 24/44] Add some advice about tuning PostgreSQL --- docs/maintenance-postgres.md | 41 ++++++++++++++++++++++++++++++++++++ docs/maintenance-synapse.md | 2 ++ 2 files changed, 43 insertions(+) diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index acbea54c..d43a5dc7 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -12,6 +12,7 @@ Table of contents: - [Upgrading PostgreSQL](#upgrading-postgresql), for upgrading to new major versions of PostgreSQL. Such **manual upgrades are sometimes required**. +- [Tuning PostgreSQL](#tuning-postgresql) to make it run faster ## Getting a database terminal @@ -90,3 +91,43 @@ If you have plenty of space in `/tmp` and would rather avoid gzipping, you can e Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"` **All databases, roles, etc. on the Postgres server are migrated**. + + +## Tuning PostgreSQL + +PostgreSQL can be tuned to make it run faster. This is done by passing extra arguments to Postgres with the `matrix_postgres_process_extra_arguments` variable. You should use a website like https://pgtune.leopard.in.ua/ or information from https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server to determine what Postgres settings you should change. + +### Here are some examples: + +These are not recommended values and they may not work well for you. This is just to give you an idea of some of the options that can be set. If you are an experienced PostgreSQL admin feel free to update this documentation with better examples. + +Here is an example config for a small 2 core server with 4GB of RAM and SSD storage: +``` +matrix_postgres_process_extra_arguments: [ + "-c 'shared_buffers=128MB'", + "-c 'effective_cache_size=2304MB'", + "-c 'effective_io_concurrency=100'", + "-c 'random_page_cost=2.0'", + "-c 'min_wal_size=500MB'", +] +``` + +Here is an example config for a large 6 core server with 24GB of RAM: +``` +matrix_postgres_process_extra_arguments: [ + "-c max_connections=40", + "-c shared_buffers=1536MB", + "-c checkpoint_completion_target=0.7", + "-c wal_buffers=16MB", + "-c default_statistics_target=100", + "-c random_page_cost=1.1", + "-c effective_io_concurrency=100", + "-c work_mem=2621kB", + "-c min_wal_size=1GB", + "-c max_wal_size=4GB", + "-c max_worker_processes=6", + "-c max_parallel_workers_per_gather=3", + "-c max_parallel_workers=6", + "-c max_parallel_maintenance_workers=3", +] +``` diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index a1060498..dfdec72e 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -78,4 +78,6 @@ Synapse's presence feature which tracks which users are online and which are off Tuning Synapse's cache factor can help reduce RAM usage. See the upstream documentation for more information on what value to set this to https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. +Tuning your PostgreSQL database will also make Synapse run significantly faster. See [maintenance-postgres.md##tuning-postgresql](maintenance-postgres.md##tuning-postgresql). + See also [How do I optimize this setup for a low-power server?](faq.md#how-do-i-optimize-this-setup-for-a-low-power-server). From 598f00b335ead49d5b79eb500099ce87ecd7fb09 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 2 Apr 2021 19:28:48 -0500 Subject: [PATCH 25/44] Nice link --- docs/maintenance-synapse.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index dfdec72e..7b7514a5 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -76,7 +76,7 @@ You should then be able to browse the adminer database administration GUI at htt Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_use_presence: false` to your `vars.yml` file. -Tuning Synapse's cache factor can help reduce RAM usage. See the upstream documentation for more information on what value to set this to https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. +Tuning Synapse's cache factor can help reduce RAM usage. [See the upstream documentation](https://github.com/matrix-org/synapse#help-synapse-is-slow-and-eats-all-my-ram-cpu) for more information on what value to set the cache factor to. Use the variable `matrix_synapse_caches_global_factor` to set the cache factor. Tuning your PostgreSQL database will also make Synapse run significantly faster. See [maintenance-postgres.md##tuning-postgresql](maintenance-postgres.md##tuning-postgresql). From 26d334dcb96dcba71e4034f68f40666a43de95ae Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 3 Apr 2021 01:12:06 -0500 Subject: [PATCH 26/44] Typo --- docs/configuring-playbook-bot-mjolnir.md | 2 +- docs/configuring-playbook.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index 2b0f1ddc..e1c42097 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -21,7 +21,7 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user ``` -If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. +If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. ## 2. Get an access token diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 9e9c442d..695eed65 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -85,7 +85,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) -- [Setting up Mjolnir](configuring-playbook-bot-mjolnir) (optional, advanced) +- [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) (optional, advanced) ### Bridging other networks From 28a6f8bd57cb006a3fb98884adbce97f986a0655 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 3 Apr 2021 10:52:35 +0300 Subject: [PATCH 27/44] Announce Mjolnir bot support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/962 --- CHANGELOG.md | 8 ++++++++ docs/configuring-playbook.md | 6 ++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36790dce..fb55c7c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# 2021-04-03 + +## Mjolnir moderation tool (bot) support + +Thanks to [Aaron Raimist](https://github.com/aaronraimist), the playbook can now install and configure the [Mjolnir](https://github.com/matrix-org/mjolnir) moderation tool (bot). + +Additional details are available in [Setting up Mjolnir](docs/configuring-playbook-bot-mjolnir.md). + # 2021-03-20 diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 695eed65..45293739 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -131,9 +131,11 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bots -- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional) +- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) -- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (optional) +- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) + +- [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) ### Other specialized services From df31694d12b5c1f500e2d7836fab379f184bfce1 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 3 Apr 2021 03:18:54 -0500 Subject: [PATCH 28/44] Couple of additional tweaks to the mjolnir docs --- docs/configuring-playbook-bot-mjolnir.md | 16 +++++++++------- docs/configuring-playbook.md | 2 -- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bot-mjolnir.md b/docs/configuring-playbook-bot-mjolnir.md index e1c42097..0a5860c1 100644 --- a/docs/configuring-playbook-bot-mjolnir.md +++ b/docs/configuring-playbook-bot-mjolnir.md @@ -7,7 +7,7 @@ See the project's [documentation](https://github.com/matrix-org/mjolnir) to lear Note: the playbook does not currently support the Mjolnir Synapse module. The playbook does support another antispam module, see [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md). -## 1. Registering the bot user +## 1. Register the bot account The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. @@ -67,29 +67,31 @@ You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the outp then you did it correctly. -## 5. Create a management room +## 4. Create a management room -Using your own account, create a new room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. +Finally invite the `@bot.mjolnir:DOMAIN` account you created earlier into the room. -## 4. Adjusting the playbook configuration + +## 5. Adjusting the playbook configuration Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): -You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_5_GOES_HERE` with the your own values. +You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values. ```yaml matrix_bot_mjolnir_enabled: true matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" -matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_5_GOES_HERE" +matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ``` -## 5. Installing +## 6. Installing After configuring the playbook, run the [installation](installing.md) command: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 45293739..f6988930 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -85,8 +85,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (optional, advanced) -- [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) (optional, advanced) - ### Bridging other networks From 504f1b644541e0fff1b719ee210dcde3cb970617 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 3 Apr 2021 16:41:10 -0500 Subject: [PATCH 29/44] Allow special characters in Grafana password --- docs/configuring-playbook-prometheus-grafana.md | 5 ++--- roles/matrix-grafana/templates/grafana.ini.j2 | 8 ++++---- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 310eac6a..4968c518 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -17,11 +17,10 @@ matrix_grafana_anonymous_access: false # This has no relation to your Matrix user id. It can be any username you'd like. # Changing the username subsequently won't work. -matrix_grafana_default_admin_user: some_username_chosen_by_you +matrix_grafana_default_admin_user: "some_username_chosen_by_you" -# Passwords containing special characters may be troublesome. # Changing the password subsequently won't work. -matrix_grafana_default_admin_password: some_strong_password_chosen_by_you +matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you" ``` By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.`. diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2 index 694bf7d7..c7fe1d91 100644 --- a/roles/matrix-grafana/templates/grafana.ini.j2 +++ b/roles/matrix-grafana/templates/grafana.ini.j2 @@ -1,16 +1,16 @@ [security] # default admin user, created on startup -admin_user = {{ matrix_grafana_default_admin_user }} +admin_user = "{{ matrix_grafana_default_admin_user }}" -# default admin password, can be changed before first start of grafana, or in profile settings -admin_password = {{ matrix_grafana_default_admin_password }} +# default admin password, can be changed before first start of grafana, or in profile settings +admin_password = """{{ matrix_grafana_default_admin_password }}""" [auth.anonymous] # enable anonymous access enabled = {{ matrix_grafana_anonymous_access }} # specify organization name that should be used for unauthenticated users -org_name = {{ matrix_grafana_anonymous_access_org_name }} +org_name = "{{ matrix_grafana_anonymous_access_org_name }}" [dashboards] {% if matrix_synapse_metrics_enabled %} From 458c17b9d0d5365df6b077b9fbbd418e45b09d88 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 3 Apr 2021 16:41:30 -0500 Subject: [PATCH 30/44] Upgrade Grafana (7.4.0 -> 7.5.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 876e5f6f..dd4c2753 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 7.4.0 +matrix_grafana_version: 7.5.2 matrix_grafana_docker_image: "docker.io/grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From fbe22289bd4da6246cb2d00f002d03da25b6fa05 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 4 Apr 2021 11:41:06 +0800 Subject: [PATCH 31/44] merge with upstream and testing branch --- docs/configuring-awx-system.md | 2 +- .../matrix-awx/surveys/backup_server.json.j2 | 2 +- .../surveys/configure_dimension.json.j2 | 30 +++++ .../surveys/configure_synapse.json.j2 | 24 ++-- roles/matrix-awx/tasks/backup_server.yml | 31 +++-- .../tasks/cache_matrix_variables.yml | 12 ++ .../tasks/customise_website_access_export.yml | 23 ++-- .../tasks/load_hosting_and_org_variables.yml | 1 + .../tasks/load_matrix_variables.yml | 14 ++- roles/matrix-awx/tasks/main.yml | 28 ++++- roles/matrix-awx/tasks/self_check.yml | 12 ++ .../tasks/set_variables_corporal.yml | 54 ++++----- .../tasks/set_variables_dimension.yml | 109 ++++++++++++++++++ .../tasks/set_variables_element.yml | 18 +-- .../matrix-awx/tasks/set_variables_jitsi.yml | 10 +- .../matrix-awx/tasks/set_variables_ma1sd.yml | 31 ++--- .../tasks/set_variables_synapse.yml | 54 ++++----- .../tasks/set_variables_synapse_admin.yml | 10 +- roles/matrix-common-after/tasks/awx_post.yml | 19 ++- 19 files changed, 333 insertions(+), 151 deletions(-) create mode 100644 roles/matrix-awx/surveys/configure_dimension.json.j2 create mode 100644 roles/matrix-awx/tasks/cache_matrix_variables.yml create mode 100644 roles/matrix-awx/tasks/set_variables_dimension.yml diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index 2bc2699b..f391a457 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -19,7 +19,7 @@ The following repositories allow you to copy and use this setup: [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you. -[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. +[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers. [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server. diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 index 232d1968..9b9cddbd 100644 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ b/roles/matrix-awx/surveys/backup_server.json.j2 @@ -5,7 +5,7 @@ { "question_name": "Enable Backup", "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.", - "required": true, + "required": false, "min": null, "max": null, "default": "{{ matrix_awx_backup_enabled | string | lower }}", diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 new file mode 100644 index 00000000..3acbaaaf --- /dev/null +++ b/roles/matrix-awx/surveys/configure_dimension.json.j2 @@ -0,0 +1,30 @@ +{ + "name": "Configure Dimension", + "description": "", + "spec": [ + { + "question_name": "Enable Dimension", + "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.", + "required": false, + "min": null, + "max": null, + "default": "{{ matrix_dimension_enabled | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_dimension_enabled", + "type": "multiplechoice" + }, + { + "question_name": "Dimension Users", + "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'", + "required": false, + "min": 0, + "max": 65536, + "default": {{ ext_dimension_users_raw_final | to_json }}, + "choices": "", + "new_question": true, + "variable": "ext_dimension_users_raw", + "type": "textarea" + } + ] +} diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2 index 8d3b5daf..e3fca6a2 100755 --- a/roles/matrix-awx/surveys/configure_synapse.json.j2 +++ b/roles/matrix-awx/surveys/configure_synapse.json.j2 @@ -8,7 +8,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_enable_registration|string|lower }}", + "default": "{{ matrix_synapse_enable_registration | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_enable_registration", @@ -20,7 +20,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_federation_enabled|string|lower }}", + "default": "{{ matrix_synapse_federation_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_federation_enabled", @@ -32,7 +32,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}", + "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_allow_public_rooms_over_federation", @@ -44,7 +44,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_enable_group_creation|string|lower }}", + "default": "{{ matrix_synapse_enable_group_creation | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_enable_group_creation", @@ -56,7 +56,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_use_presence|string|lower }}", + "default": "{{ matrix_synapse_use_presence | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_use_presence", @@ -68,7 +68,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_url_preview_enabled|string|lower }}", + "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_url_preview_enabled", @@ -80,7 +80,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_allow_guest_access|string|lower }}", + "default": "{{ matrix_synapse_allow_guest_access | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_allow_guest_access", @@ -92,7 +92,7 @@ "required": false, "min": null, "max": null, - "default": "{{ ext_registrations_require_3pid|string|lower }}", + "default": "{{ ext_registrations_require_3pid | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "ext_registrations_require_3pid", @@ -128,7 +128,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ ext_url_preview_accept_language_default|to_json }}, + "default": {{ ext_url_preview_accept_language_default | to_json }}, "choices": "", "new_question": true, "variable": "ext_url_preview_accept_language_raw", @@ -140,7 +140,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ ext_federation_whitelist_raw|to_json }}, + "default": {{ ext_federation_whitelist_raw | to_json }}, "choices": "", "new_question": true, "variable": "ext_federation_whitelist_raw", @@ -152,7 +152,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ matrix_synapse_auto_join_rooms_raw|to_json }}, + "default": {{ matrix_synapse_auto_join_rooms_raw | to_json }}, "choices": "", "new_question": true, "variable": "matrix_synapse_auto_join_rooms_raw", @@ -164,7 +164,7 @@ "required": false, "min": null, "max": null, - "default": "{{ ext_enable_registration_captcha|string|lower }}", + "default": "{{ ext_enable_registration_captcha | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "ext_enable_registration_captcha", diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index 2459fc8a..a82f46b0 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -5,27 +5,24 @@ path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings' + insertafter: '# AWX Settings Start' with_dict: 'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}' - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' + tags: use-survey - name: Save new 'Backup Server' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: src: 'roles/matrix-awx/surveys/backup_server.json.j2' dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' + tags: use-survey - name: Copy new 'Backup Server' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' dest: '/matrix/awx/backup_server.json' mode: '0660' + tags: use-survey - name: Collect AWX admin token the hard way! delegate_to: 127.0.0.1 @@ -33,6 +30,7 @@ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' register: tower_token no_log: True + tags: use-survey - name: Recreate 'Backup Server' job template delegate_to: 127.0.0.1 @@ -41,7 +39,7 @@ description: "Performs a backup of the entire service to a remote location." extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" job_type: run - job_tags: "backup-server" + job_tags: "backup-server,use-survey" inventory: "{{ member_id }}" project: "{{ member_id }} - Matrix Docker Ansible Deploy" playbook: setup.yml @@ -54,6 +52,23 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes + tags: use-survey + +- name: Run export.sh if this job template is run by the client + command: /bin/sh /root/export.sh + tags: use-survey + +- name: Include vars in matrix_vars.yml + include_vars: + file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + no_log: True + +- name: Copy new 'matrix_vars.yml' to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + dest: '/matrix/awx/matrix_vars.yml' + mode: '0660' + tags: use-survey - name: Perform the borg backup command: borgmatic diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml new file mode 100644 index 00000000..a34b3792 --- /dev/null +++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml @@ -0,0 +1,12 @@ + +- name: Collect current datetime + set_fact: + awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" + +- name: Create cached matrix_vars.yml file location + set_fact: + awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' + +- name: Create cached matrix_vars.yml + delegate_to: 127.0.0.1 + shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index 40ae1bfd..580d8bc9 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -1,12 +1,11 @@ - - name: Enable index.html creation if user doesn't wish to customise base domain delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings' + insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' when: customise_base_domain_website|bool == false @@ -14,10 +13,10 @@ - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings' + insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' when: customise_base_domain_website|bool == true @@ -25,27 +24,23 @@ - name: Record custom 'Customise Website + Access Export' variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings' + insertafter: '# Custom Settings Start' with_dict: 'customise_base_domain_website': '{{ customise_base_domain_website }}' 'sftp_auth_method': '"{{ sftp_auth_method }}"' 'sftp_password': '"{{ sftp_password }}"' 'sftp_public_key': '"{{ sftp_public_key }}"' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Reload vars in matrix_vars.yml include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + file: '{{ awx_cached_matrix_vars }}' no_log: True +# ^ Is this even needed? + - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index 6789431a..ea866254 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -8,3 +8,4 @@ include_vars: file: '/var/lib/awx/projects/hosting/hosting_vars.yml' no_log: True + diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index ff0986d7..2a9f9a0d 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml @@ -1,5 +1,15 @@ -- name: Include vars in matrix_vars.yml +- name: Include new vars in matrix_vars.yml include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + file: '{{ awx_cached_matrix_vars }}' no_log: True + +- name: If include_vars succeeds overwrite the old matrix_vars.yml + delegate_to: 127.0.0.1 + shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" + +- name: Copy new 'matrix_vars.yml' to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + dest: '/matrix/awx/matrix_vars.yml' + mode: '0660' diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 4965ae39..2f8c6df2 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -26,6 +26,15 @@ tags: - create-user +# Import configs, media repo from /chroot/backup import +- include_tasks: + file: "import_awx.yml" + apply: + tags: import-awx + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - import-awx + # Perform extra self-check functions - include_tasks: file: "self_check.yml" @@ -35,14 +44,14 @@ tags: - self-check -# Import configs, media repo from /chroot/backup import +# Create caches matrix_vars.yml file - include_tasks: - file: "import_awx.yml" + file: "cache_matrix_variables.yml" apply: - tags: import-awx + tags: always when: run_setup|bool and matrix_awx_enabled|bool tags: - - import-awx + - always # Configure SFTP so user can upload a static website or access the servers export - include_tasks: @@ -98,6 +107,15 @@ tags: - setup-corporal +# Additional playbook to set the variable file during Dimension configuration +- include_tasks: + file: "set_variables_dimension.yml" + apply: + tags: setup-dimension + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-dimension + # Additional playbook to set the variable file during Synapse Admin configuration - include_tasks: file: "set_variables_synapse_admin.yml" @@ -107,7 +125,7 @@ tags: - setup-synapse-admin -# Load newly formed matrix variables from tower volume +# Load newly formed matrix variables from AWX volume - include_tasks: file: "load_matrix_variables.yml" apply: diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index 8d647574..edf6b8b3 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -3,6 +3,7 @@ apt: name: - sysstat + - curl state: present - name: Install prerequisite yum packages on AWX @@ -19,6 +20,17 @@ - dnspython state: present +- name: Calculate MAU value + shell: | + curl -s localhost:9000 | grep "^synapse_admin_mau_current " + register: mau_stat + no_log: True + +- name: Print MAU value + debug: + msg: "{{ mau_stat.stdout.split('\n') }}" + when: mau_stat is defined + - name: Calculate CPU usage statistics shell: iostat -c register: cpu_usage_stat diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index d8ac038d..6ae187c7 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -2,20 +2,20 @@ - name: Record Corporal Enabled/Disabled variable delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' - name: Enable Shared Secret Auth if Corporal enabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings' + insertafter: '# Shared Secret Auth Settings Start' with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' when: matrix_corporal_enabled|bool @@ -23,10 +23,10 @@ - name: Disable Shared Secret Auth if Corporal disabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings' + insertafter: '# Shared Secret Auth Settings Start' with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' when: not matrix_corporal_enabled|bool @@ -34,10 +34,10 @@ - name: Enable Rest Auth Endpoint if Corporal enabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' when: matrix_corporal_enabled|bool @@ -45,10 +45,10 @@ - name: Disable Rest Auth Endpoint if Corporal disabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' when: not matrix_corporal_enabled|bool @@ -56,10 +56,10 @@ - name: Disable Corporal API if Simple Static File mode selected delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_enabled': 'false' when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool) @@ -67,10 +67,10 @@ - name: Enable Corporal API if Push/Pull mode delected delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_enabled': 'true' when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool) @@ -78,10 +78,10 @@ - name: Record Corporal API Access Token if it's defined delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}' when: matrix_corporal_http_api_auth_token|length > 0 @@ -89,8 +89,8 @@ - name: Record 'Simple Static File' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { @@ -151,8 +151,8 @@ - name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { @@ -168,8 +168,8 @@ - name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { @@ -181,7 +181,7 @@ - name: Lower RateLimit if set to 'Normal' delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' when: matrix_corporal_raise_ratelimits == "Normal" @@ -189,17 +189,11 @@ - name: Raise RateLimit if set to 'Raised' delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' when: matrix_corporal_raise_ratelimits == "Raised" -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0664' - - name: Save new 'Configure Corporal' survey.json to the AWX tower delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml new file mode 100644 index 00000000..2d5eb619 --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -0,0 +1,109 @@ + +- name: Include vars in matrix_vars.yml + include_vars: + file: '{{ awx_cached_matrix_vars }}' + no_log: True + +- name: Install jq on remote machine + apt: + name: jq + state: present + +- name: Collect access token of Dimension user + shell: | + curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + register: dimension_user_access_token + +- name: Record Synapse variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Dimension Settings Start' + with_dict: + 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' + 'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"' + +- name: Set final users list if users are defined + set_fact: + ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}" + when: ext_dimension_users_raw|length > 0 + +- name: Set final users list if no users are defined + set_fact: + ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}' + when: ext_dimension_users_raw|length == 0 + +- name: Remove Dimension Users + delegate_to: 127.0.0.1 + replace: + path: '{{ awx_cached_matrix_vars }}' + regexp: '^ - .*\n' + after: 'matrix_dimension_admins:' + before: '# Dimension Settings End' + +- name: Set Dimension Users Header + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + insertbefore: '# Dimension Settings End' + line: "matrix_dimension_admins:" + +- name: Set Dimension Users + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + insertafter: '^matrix_dimension_admins:' + line: ' - "{{ item }}"' + with_items: "{{ ext_dimension_users_raw_final.splitlines() }}" + +- name: Record Dimension Custom variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Custom Settings Start' + with_dict: + 'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}' + +- name: Save new 'Configure Dimension' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_dimension.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json' + +- name: Copy new 'Configure Dimension' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' + dest: '/matrix/awx/configure_dimension.json' + mode: '0660' + +- name: Collect AWX admin token the hard way! + delegate_to: 127.0.0.1 + shell: | + curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' + register: tower_token + no_log: True + +- name: Recreate 'Configure Dimension' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Dimension" + description: "Configure Dimension, the self-hosted integrations server." + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-all,setup-dimension" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" + become_enabled: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index a21a9dd8..a0e41770 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -2,10 +2,10 @@ - name: Record Element-Web variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings' + insertafter: '# Element Settings Start' with_dict: 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}' 'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}' @@ -16,24 +16,18 @@ - name: Set fact for 'https' string set_fact: - https_string: "https" + awx_https_string: "https" - name: Record Element-Web Background variable locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings' + insertafter: '# Element Settings Start' with_dict: 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}' - when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 ) - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' + when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 ) - name: Save new 'Configure Element' survey.json to the AWX tower, template delegate_to: 127.0.0.1 diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 4a871a18..9c610685 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -2,20 +2,14 @@ - name: Record Jitsi variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Jitsi Settings' + insertafter: '# Jitsi Settings Start' with_dict: 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Jitsi' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 32dadc0a..853d8c09 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -2,20 +2,20 @@ - name: Record ma1sd variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# ma1sd Settings' + insertafter: '# ma1sd Settings Start' with_dict: 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' - name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' when: ext_matrix_ma1sd_auth_store == 'Synapse Internal' @@ -23,10 +23,10 @@ - name: Enable REST auth if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' 'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090' @@ -40,7 +40,7 @@ - name: Remove entire ma1sd configuration extension delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^.*\n' after: '# Start ma1sd Extension' before: '# End ma1sd Extension' @@ -48,14 +48,14 @@ - name: Replace conjoined ma1sd configuration extension limiters delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^# Start ma1sd Extension# End ma1sd Extension' replace: '# Start ma1sd Extension\n# End ma1sd Extension' - name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' line: "matrix_ma1sd_configuration_extension_yaml: |" insertafter: '# Start ma1sd Extension' when: ext_matrix_ma1sd_auth_store == 'LDAP/AD' @@ -63,7 +63,7 @@ - name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertbefore: '# End ma1sd Extension' line: '{{ item }}' with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}" @@ -72,20 +72,14 @@ - name: Record ma1sd Custom variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Custom Settings' + insertbefore: '# Custom Settings Start' with_dict: 'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}' 'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: @@ -126,4 +120,3 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes -# ^ This playbook isn't executing so the survey isn't being updated! :P diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index ef7c70ef..e481d399 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -12,10 +12,10 @@ - name: Record Synapse variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' @@ -29,7 +29,7 @@ - name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^matrix_synapse_auto_join_rooms: .*$" replace: "matrix_synapse_auto_join_rooms: []" when: matrix_synapse_auto_join_rooms_raw|length == 0 @@ -43,10 +43,10 @@ - name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: "matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}" when: matrix_synapse_auto_join_rooms_raw|length > 0 @@ -54,10 +54,10 @@ - name: Record Synapse Shared Secret if it's defined delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: 'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}' when: matrix_synapse_registration_shared_secret|length > 0 @@ -65,10 +65,10 @@ - name: Record registations_require_3pid extra variable if true delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "{{ item }}:" line: "{{ item }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' with_items: - " registrations_require_3pid:" - " - email" @@ -77,10 +77,10 @@ - name: Remove registrations_require_3pid extra variable if false delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "{{ item }}:" line: "{{ item }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' state: absent with_items: - " registrations_require_3pid:" @@ -90,10 +90,10 @@ - name: Remove URL Languages delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' after: ' url_preview_accept_language:' - before: '# End Synapse Extension' + before: '# Synapse Extension End' - name: Set URL languages default if raw inputs empty set_fact: @@ -108,7 +108,7 @@ - name: Set URL languages if raw inputs empty delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ url_preview_accept_language:' line: " - {{ ext_url_preview_accept_language_default }}" when: ext_url_preview_accept_language_raw|length == 0 @@ -116,7 +116,7 @@ - name: Set URL languages if raw inputs not empty delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ url_preview_accept_language:' line: " - {{ item }}" with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}" @@ -125,22 +125,22 @@ - name: Remove Federation Whitelisting 1 delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' after: ' federation_domain_whitelist:' - before: '# End Synapse Extension' + before: '# Synapse Extension End' - name: Remove Federation Whitelisting 2 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' line: " federation_domain_whitelist:" state: absent - name: Set Federation Whitelisting 1 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^matrix_synapse_configuration_extension_yaml: \|' line: " federation_domain_whitelist:" when: ext_federation_whitelist_raw|length > 0 @@ -148,7 +148,7 @@ - name: Set Federation Whitelisting 2 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ federation_domain_whitelist:' line: " - {{ item }}" with_items: "{{ ext_federation_whitelist_raw.splitlines() }}" @@ -157,10 +157,10 @@ - name: Record Synapse Custom variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Custom Settings' + insertafter: '# Custom Settings Start' with_dict: 'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}' 'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}' @@ -176,21 +176,15 @@ - name: Record Synapse Extension variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' with_dict: ' enable_registration_captcha': '{{ ext_enable_registration_captcha }}' ' recaptcha_public_key': '{{ ext_recaptcha_public_key }}' ' recaptcha_private_key': '{{ ext_recaptcha_private_key }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Synapse' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 42084ad7..fa922de4 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -2,19 +2,13 @@ - name: Record Synapse Admin variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Admin Settings' + insertafter: '# Synapse Admin Settings Start' with_dict: 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 6497acf7..568ccd23 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -1,6 +1,6 @@ --- -- name: Create user account +- name: Create user account @janitor command: | /usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1 register: cmd @@ -18,3 +18,20 @@ 'matrix_awx_janitor_user_created': 'true' when: not matrix_awx_janitor_user_created|bool +- name: Create user account @dimension + command: | + /usr/local/bin/matrix-synapse-register-user dimension {{ matrix_awx_dimension_user_password | quote }} 0 + register: cmd + when: not matrix_awx_dimension_user_created|bool + no_log: True + +- name: Update AWX dimension user created variable + delegate_to: 127.0.0.1 + lineinfile: + path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: 'AWX Settings' + with_dict: + 'matrix_awx_dimension_user_created': 'true' + when: not matrix_awx_dimension_user_created|bool From 814bdf5a88139e2c209f4c0aad21d9cf2131d410 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 4 Apr 2021 11:52:26 +0800 Subject: [PATCH 32/44] update spelling --- roles/matrix-awx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 2f8c6df2..24c93b49 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -44,7 +44,7 @@ tags: - self-check -# Create caches matrix_vars.yml file +# Create cached matrix_vars.yml file - include_tasks: file: "cache_matrix_variables.yml" apply: From f41bfb69d204b0e3c522ca7e0a242d86d0866b80 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 4 Apr 2021 12:01:53 +0800 Subject: [PATCH 33/44] update survey template formatting --- roles/matrix-awx/surveys/configure_ma1sd.json.j2 | 2 +- roles/matrix-awx/surveys/configure_synapse_admin.json.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 index ad2110a0..e3c1d448 100644 --- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 +++ b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 @@ -8,7 +8,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_ma1sd_enabled|string|lower }}", + "default": "{{ matrix_ma1sd_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_ma1sd_enabled", diff --git a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 index e1f6dc12..8845b83a 100644 --- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 +++ b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 @@ -8,7 +8,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_admin_enabled|string|lower }}", + "default": "{{ matrix_synapse_admin_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_admin_enabled", From 2178f3612f372fe420e6649dd95da6f45195db8c Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Mon, 5 Apr 2021 09:05:41 +0200 Subject: [PATCH 34/44] - matrix_postgres_backup_databases now uses more simple structure --- group_vars/matrix_servers | 10 ++++------ roles/matrix-postgres-backup/defaults/main.yml | 3 +-- .../templates/env-postgres-backup.j2 | 2 +- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b632b0d7..ec999333 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1422,13 +1422,11 @@ matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_passw # the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used matrix_postgres_backup_databases: | {{ - ([{ - 'name': matrix_synapse_database_database, - 'username': matrix_synapse_database_user, - 'password': matrix_synapse_database_password, - }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([ + matrix_synapse_database_database, + ] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + - matrix_postgres_additional_databases + matrix_postgres_additional_databases|map(attribute='name') }} ###################################################################### diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index cfa690a3..2f3dbc9e 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -11,9 +11,8 @@ matrix_postgres_backup_keep_days: "7" matrix_postgres_backup_keep_weeks: "4" matrix_postgres_backup_keep_months: "12" matrix_postgres_backup_healthcheck_port: "8080" -matrix_postgres_backup_db_list: "" +matrix_postgres_backup_databases: [] matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" -matrix_postgres_backup_databases: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 index 979d3762..5a3a1ffd 100644 --- a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 +++ b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 @@ -2,7 +2,7 @@ POSTGRES_USER={{ matrix_postgres_backup_connection_username }} POSTGRES_PASSWORD={{ matrix_postgres_backup_connection_password }} POSTGRES_HOST={{ matrix_postgres_backup_connection_hostname }} -POSTGRES_DB={{ matrix_postgres_backup_databases|map(attribute='name')|join(', ') }} +POSTGRES_DB={{ matrix_postgres_backup_databases|join(', ') }} POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }} SCHEDULE={{ matrix_postgres_backup_schedule }} BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }} From 14b8e3a3abf9280fc2d00a86d4e6956fe64d0e37 Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Mon, 5 Apr 2021 09:31:32 +0200 Subject: [PATCH 35/44] - fixed error with generator function --- group_vars/matrix_servers | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ec999333..293907f7 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1422,11 +1422,11 @@ matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_passw # the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used matrix_postgres_backup_databases: | {{ - ([ - matrix_synapse_database_database, - ] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + (([{ + 'name': matrix_synapse_database_database + }] if (matrix_synapse_enabled and matrix_synapse_database_database == matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + - matrix_postgres_additional_databases|map(attribute='name') + matrix_postgres_additional_databases)|map(attribute='name')|list }} ###################################################################### From 37c089bb96b6fbf09989ee29ab478e60e7018ec6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:13:45 +0300 Subject: [PATCH 36/44] Minor docs improvements --- docs/configuring-playbook-postgres-backup.md | 24 ++++++++++++++------ docs/maintenance-postgres.md | 4 +++- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 7be0064f..2b58b1aa 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -4,14 +4,24 @@ The playbook can install and configure [docker-postgres-backup-local](https://gi ## Adjusting the playbook configuration +Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: + +```yaml +matrix_postgres_backup_enabled: true +``` + +Refer to the table below for additional configuration variables and their default values. + + | Name | Default value | Description | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -|matrix_postgres_backup_enabled|false|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| -|matrix_postgres_backup_schedule| '@daily' |Cron-schedule specifying the interval between postgres backups.| -|matrix_postgres_backup_keep_days|"7"|Number of daily backups to keep| -|matrix_postgres_backup_keep_weeks|"4"|Number of weekly backups to keep| -|matrix_postgres_backup_keep_months|"12"|Number of monthly backups to keep| -|matrix_postgres_backup_path | "{{ matrix_base_data_path }}/postgres-backup" | Storagepath for the database backups| +|`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| +|`matrix_postgres_backup_keep_days`|`"7"`|Number of daily backups to keep| +|`matrix_postgres_backup_keep_weeks`|`"4"`|Number of weekly backups to keep| +|`matrix_postgres_backup_keep_months`|`"12"`|Number of monthly backups to keep| +|`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups| + ## Installing @@ -19,4 +29,4 @@ After configuring the playbook, run the [installation](installing.md) command ag ``` ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start -``` \ No newline at end of file +``` diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index d43a5dc7..9b748d28 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -49,7 +49,9 @@ ansible-playbook -i inventory/hosts setup.yml --tags=run-postgres-vacuum,start ## Backing up PostgreSQL -To make a back up of the current PostgreSQL database, make sure it's running and then execute a command like this on the server: +To automatically make Postgres database backups on a fixed schedule, see [Setting up postgres backup](configuring-playbook-postgres-backup.md). + +To make a one off back up of the current PostgreSQL database, make sure it's running and then execute a command like this on the server: ```bash /usr/bin/docker exec \ From 6526087c146c61e9f75ef6b22ca9421d8bbebca8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:16:44 +0300 Subject: [PATCH 37/44] Announce automated local Postgres backup support --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb55c7c2..326c2103 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +# 2021-04-05 + +## Automated local Postgres backup support + +Thanks to [foxcris](https://github.com/foxcris), the playbook can now make automated local Postgres backups on a fixed schedule using [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local). + +Additional details are available in [Setting up postgres backup](docs/configuring-playbook-postgres-backup.md). + + + # 2021-04-03 ## Mjolnir moderation tool (bot) support From 298556e02e12e51c72a1a67e3af83343e49d2b97 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:22:26 +0300 Subject: [PATCH 38/44] Fix undefined matrix_postgres_backup_detected_version_corresponding_docker_image .. and prevent variable name overlap with `matrix-postgres` for the other variables as well. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868 --- .../util/detect_existing_postgres_version.yml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml index da15a287..87a81f74 100644 --- a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml @@ -5,52 +5,52 @@ - name: Initialize Postgres version determination variables (default to empty) set_fact: - matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" - matrix_postgres_detected_existing: false - matrix_postgres_detected_version: "" - matrix_postgres_detected_version_corresponding_docker_image: "" + matrix_postgres_backup_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" + matrix_postgres_backup_detected_existing: false + matrix_postgres_backup_detected_version: "" + matrix_postgres_backup_detected_version_corresponding_docker_image: "" - name: Determine existing Postgres version (check PG_VERSION file) stat: - path: "{{ matrix_postgres_detection_pg_version_path }}" + path: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version_stat - set_fact: - matrix_postgres_detected_existing: true + matrix_postgres_backup_detected_existing: true when: "result_pg_version_stat.stat.exists" - name: Determine existing Postgres version (read PG_VERSION file) slurp: - src: "{{ matrix_postgres_detection_pg_version_path }}" + src: "{{ matrix_postgres_backup_detection_pg_version_path }}" register: result_pg_version - when: matrix_postgres_detected_existing|bool + when: matrix_postgres_backup_detected_existing|bool - name: Determine existing Postgres version (make sense of PG_VERSION file) set_fact: - matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: matrix_postgres_detected_existing|bool + matrix_postgres_backup_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" + when: matrix_postgres_backup_detected_existing|bool - name: Determine corresponding Docker image to detected version (assume default of latest) set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}" - when: "matrix_postgres_detected_version != ''" + when: "matrix_postgres_backup_detected_version != ''" - name: Determine corresponding Docker image to detected version (use 9.x, if detected) set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}" - when: "matrix_postgres_detected_version.startswith('9.')" + when: "matrix_postgres_backup_detected_version.startswith('9.')" - name: Determine corresponding Docker image to detected version (use 10.x, if detected) set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}" - when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" + when: "matrix_postgres_backup_detected_version == '10' or matrix_postgres_backup_detected_version.startswith('10.')" - name: Determine corresponding Docker image to detected version (use 11.x, if detected) set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}" - when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')" + when: "matrix_postgres_backup_detected_version == '11' or matrix_postgres_backup_detected_version.startswith('11.')" - name: Determine corresponding Docker image to detected version (use 12.x, if detected) set_fact: matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}" - when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')" + when: "matrix_postgres_backup_detected_version == '12' or matrix_postgres_backup_detected_version.startswith('12.')" From 1b55766927137f702e56c34b6d47fd66f744247f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:32:19 +0300 Subject: [PATCH 39/44] Do not redefine matrix-postgres role vars in matrix-postgres-backup Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868 --- group_vars/matrix_servers | 4 +++- roles/matrix-postgres-backup/defaults/main.yml | 8 +++++--- roles/matrix-postgres-backup/tasks/main.yml | 2 +- .../tasks/setup_postgres_backup.yml | 4 ++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bda429dc..06282dfa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1786,6 +1786,8 @@ matrix_postgres_backup_connection_port: "{{ matrix_postgres_connection_port }}" matrix_postgres_backup_connection_username: "{{ matrix_postgres_connection_username }}" matrix_postgres_backup_connection_password: "{{ matrix_postgres_connection_password }}" +matrix_postgres_backup_postgres_data_path: "{{ matrix_postgres_data_path if matrix_postgres_enabled else '' }}" + # the default matrix synapse databse is not always part of the matrix_postgres_additional_databases variable thus we have to add it if the default database is used matrix_postgres_backup_databases: | {{ @@ -1800,4 +1802,4 @@ matrix_postgres_backup_databases: | # # /matrix-postgres-backup # -###################################################################### \ No newline at end of file +###################################################################### diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index 2f3dbc9e..cc2107f7 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -14,8 +14,10 @@ matrix_postgres_backup_healthcheck_port: "8080" matrix_postgres_backup_databases: [] matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" -matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" -matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" +# Specifies where the Postgres data is. +# We use this to autodetect the Postgres version during playbook runtime (by parsing the `PG_VERSION` file contained there). +# You can leave this empty to prevent auto-detection. +matrix_postgres_backup_postgres_data_path: "" matrix_postgres_backup_architecture: amd64 @@ -35,4 +37,4 @@ matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_im # This variable is assigned at runtime. Overriding its value has no effect. matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' -matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}" \ No newline at end of file +matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}" diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/matrix-postgres-backup/tasks/main.yml index f819b8e9..40f4a8bf 100644 --- a/roles/matrix-postgres-backup/tasks/main.yml +++ b/roles/matrix-postgres-backup/tasks/main.yml @@ -14,4 +14,4 @@ when: run_setup|bool tags: - setup-all - - setup-postgres-backup \ No newline at end of file + - setup-postgres-backup diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 640d4f14..9761088d 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -4,14 +4,14 @@ # Tasks related to setting up an internal postgres server # - import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: matrix_postgres_enabled|bool + when: 'matrix_postgres_backup_enabled|bool and matrix_postgres_backup_postgres_data_path != ""' # If we have found an existing version (installed from before), we use its corresponding Docker image. # If not, we install using the latest Postgres. # # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). - set_fact: - matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" + matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image|default('') == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" when: matrix_postgres_backup_enabled|bool - name: Ensure postgres backup Docker image is pulled From 832e191ab8b20ed2a1b0e5cdae9c9b6c8ba1e560 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:32:46 +0300 Subject: [PATCH 40/44] Fix incorrect variable usage in when statement Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868 --- roles/matrix-postgres-backup/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/matrix-postgres-backup/tasks/main.yml index 40f4a8bf..19e3db5b 100644 --- a/roles/matrix-postgres-backup/tasks/main.yml +++ b/roles/matrix-postgres-backup/tasks/main.yml @@ -5,7 +5,7 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup|bool and matrix_postgres_enabled|bool" + when: "run_setup|bool and matrix_postgres_backup_enabled|bool" tags: - setup-all - setup-postgres-backup From c386e8e9dba0e754106ab2ef4348b40c797e32c4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Apr 2021 11:38:23 +0300 Subject: [PATCH 41/44] Use integers for some variables Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868 --- docs/configuring-playbook-postgres-backup.md | 6 +++--- roles/matrix-postgres-backup/defaults/main.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 2b58b1aa..2d878c11 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -17,9 +17,9 @@ Refer to the table below for additional configuration variables and their defaul | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | |`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| |`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| -|`matrix_postgres_backup_keep_days`|`"7"`|Number of daily backups to keep| -|`matrix_postgres_backup_keep_weeks`|`"4"`|Number of weekly backups to keep| -|`matrix_postgres_backup_keep_months`|`"12"`|Number of monthly backups to keep| +|`matrix_postgres_backup_keep_days`|`7`|Number of daily backups to keep| +|`matrix_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| +|`matrix_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| |`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups| diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml index cc2107f7..d34e95a2 100644 --- a/roles/matrix-postgres-backup/defaults/main.yml +++ b/roles/matrix-postgres-backup/defaults/main.yml @@ -7,9 +7,9 @@ matrix_postgres_backup_connection_password: "" matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" matrix_postgres_backup_schedule: "@daily" -matrix_postgres_backup_keep_days: "7" -matrix_postgres_backup_keep_weeks: "4" -matrix_postgres_backup_keep_months: "12" +matrix_postgres_backup_keep_days: 7 +matrix_postgres_backup_keep_weeks: 4 +matrix_postgres_backup_keep_months: 12 matrix_postgres_backup_healthcheck_port: "8080" matrix_postgres_backup_databases: [] matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" From a1a0d9160410ec3e1a9fe66ad3cafb533cb6fa65 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Apr 2021 12:23:43 +0300 Subject: [PATCH 42/44] Make prometheus-node-exporter not overlap with Synapse metrics port This was causing a port conflict when `matrix_nginx_proxy_enabled: false`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/983 --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 06282dfa..abb12a12 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1677,7 +1677,7 @@ matrix_prometheus_node_exporter_enabled: false # Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus Node Exporter over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # Prometheus' HTTP port to the local host. -matrix_prometheus_node_exporter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9100' }}" +matrix_prometheus_node_exporter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9200' }}" ###################################################################### # From 3f426de5996bed4f587a27ad46ec4613cc6c81f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Apr 2021 16:00:10 +0300 Subject: [PATCH 43/44] Upgrade Synapse (1.30.1 -> 1.31.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 56 +++++++++---------- roles/matrix-synapse/vars/workers.yml | 5 +- 3 files changed, 28 insertions(+), 35 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a68def4b..155fd5f5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,7 +15,7 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.30.1 +matrix_synapse_version: v1.31.0 matrix_synapse_version_arm64: v1.30.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 4be50524..ace2dd45 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -869,10 +869,10 @@ rc_admin_redaction: {{ matrix_synapse_rc_admin_redaction|to_json }} #rc_joins: # local: # per_second: 0.1 -# burst_count: 3 +# burst_count: 10 # remote: # per_second: 0.01 -# burst_count: 3 +# burst_count: 10 rc_joins: {{ matrix_synapse_rc_joins|to_json }} # #rc_3pid_validation: @@ -1772,6 +1772,9 @@ saml2_config: # Note that, if this is changed, users authenticating via that provider # will no longer be recognised as the same user! # +# (Use "oidc" here if you are migrating from an old "oidc_config" +# configuration.) +# # idp_name: A user-facing name for this identity provider, which is used to # offer the user a choice of login mechanisms. # @@ -1887,6 +1890,24 @@ saml2_config: # which is set to the claims returned by the UserInfo Endpoint and/or # in the ID Token. # +# It is possible to configure Synapse to only allow logins if certain attributes +# match particular values in the OIDC userinfo. The requirements can be listed under +# `attribute_requirements` as shown below. All of the listed attributes must +# match for the login to be permitted. Additional attributes can be added to +# userinfo by expanding the `scopes` section of the OIDC config to retrieve +# additional information from the OIDC provider. +# +# If the OIDC claim is a list, then the attribute must match any value in the list. +# Otherwise, it must exactly match the value of the claim. Using the example +# below, the `family_name` claim MUST be "Stephensson", but the `groups` +# claim MUST contain "admin". +# +# attribute_requirements: +# - attribute: family_name +# value: "Stephensson" +# - attribute: groups +# value: "admin" +# # See https://github.com/matrix-org/synapse/blob/master/docs/openid.md # for information on how to configure these options. # @@ -1918,34 +1939,9 @@ oidc_providers: # localpart_template: "{% raw %}{{ user.login }}{% endraw %}" # display_name_template: "{% raw %}{{ user.name }}{% endraw %}" # email_template: "{% raw %}{{ user.email }}{% endraw %}" - - # For use with Keycloak - # - #- idp_id: keycloak - # idp_name: Keycloak - # issuer: "https://127.0.0.1:8443/auth/realms/my_realm_name" - # client_id: "synapse" - # client_secret: "copy secret generated in Keycloak UI" - # scopes: ["openid", "profile"] - - # For use with Github - # - #- idp_id: github - # idp_name: Github - # idp_brand: github - # discover: false - # issuer: "https://github.com/" - # client_id: "your-client-id" # TO BE FILLED - # client_secret: "your-client-secret" # TO BE FILLED - # authorization_endpoint: "https://github.com/login/oauth/authorize" - # token_endpoint: "https://github.com/login/oauth/access_token" - # userinfo_endpoint: "https://api.github.com/user" - # scopes: ["read:user"] - # user_mapping_provider: - # config: - # subject_claim: "id" - # localpart_template: "{% raw %}{{ user.login }}{% endraw %}" - # display_name_template: "{% raw %}{{ user.name }}{% endraw %}" + # attribute_requirements: + # - attribute: userGroup + # value: "synapseUsers" # Enable Central Authentication Service (CAS) for registration and login. diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 14b75a92..c989fb5b 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -55,9 +55,6 @@ matrix_synapse_workers_generic_worker_endpoints: # Registration/login requests - ^/_matrix/client/(api/v1|r0|unstable)/login$ - ^/_matrix/client/(r0|unstable)/register$ - # FIXME: possible bug with SSO and multiple generic workers - # see https://github.com/matrix-org/synapse/issues/7530 - # ^/_matrix/client/(r0|unstable)/auth/.*/fallback/web$ # Event sending requests - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact @@ -107,7 +104,7 @@ matrix_synapse_workers_generic_worker_endpoints: # Ensure that all SSO logins go to a single process. # For multiple workers not handling the SSO endpoints properly, see - # [#7530](https://github.com/matrix-org/synapse/issues/7530) and + # [#7530](https://github.com/matrix-org/synapse/issues/7530) and # [#9427](https://github.com/matrix-org/synapse/issues/9427). # Note that a HTTP listener with `client` and `federation` resources must be From 4830b7d830513cfcfe31daa182c756d4d21d2189 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Apr 2021 17:22:25 +0300 Subject: [PATCH 44/44] Upgrade Synapse for ARM64 (1.30.1 -> 1.31.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 155fd5f5..bb76821e 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -16,7 +16,7 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. matrix_synapse_version: v1.31.0 -matrix_synapse_version_arm64: v1.30.1 +matrix_synapse_version_arm64: v1.31.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"