Upgrade Synapse (1.46.0 -> 1.47.0)

We had to remove UID/GID environment variables that we used to pass
to the Synapse container, because it was causing a problem after
https://github.com/matrix-org/synapse/pull/11209

We were using both `--user` and UID/GID environment variables until now.
This commit is contained in:
Slavi Pantaleev 2021-11-17 17:21:15 +02:00
parent 75cb4ce3b0
commit e1a6d1e4b2
6 changed files with 36 additions and 23 deletions

View file

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.46.0
matrix_synapse_version_arm64: v1.46.0
matrix_synapse_version: v1.47.0
matrix_synapse_version_arm64: v1.47.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View file

@ -67,8 +67,6 @@
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
-e UID={{ matrix_user_uid }}
-e GID={{ matrix_user_gid }}
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-e SYNAPSE_SERVER_NAME={{ matrix_server_fqn_matrix }}
-e SYNAPSE_REPORT_STATS=no

View file

@ -66,8 +66,28 @@ pid_file: /homeserver.pid
# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
# 'listeners' below).
#
# Defaults to 'https://<server_name>/'.
#
public_baseurl: https://{{ matrix_server_fqn_matrix }}/
# Uncomment the following to tell other servers to send federation traffic on
# port 443.
#
# By default, other servers will try to reach our server on port 8448, which can
# be inconvenient in some environments.
#
# Provided 'https://<server_name>/' on port 443 is routed to Synapse, this
# option configures Synapse to serve a file at
# 'https://<server_name>/.well-known/matrix/server'. This will tell other
# servers to send traffic to port 443 instead.
#
# See https://matrix-org.github.io/synapse/latest/delegate.html for more
# information.
#
# Defaults to 'false'.
#
#serve_server_wellknown: true
# Set the soft limit on the number of file descriptors synapse can use
# Zero is used to indicate synapse should set the soft limit to the
# hard limit.
@ -1271,7 +1291,7 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
# in on this server.
#
# (By default, no suggestion is made, so it is left up to the client.
# This setting is ignored unless public_baseurl is also set.)
# This setting is ignored unless public_baseurl is also explicitly set.)
#
#default_identity_server: https://matrix.org
@ -1296,8 +1316,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }}
# by the Matrix Identity Service API specification:
# https://matrix.org/docs/spec/identity_service/latest
#
# If a delegate is specified, the config option public_baseurl must also be filled out.
#
account_threepid_delegates:
email: {{ matrix_synapse_account_threepid_delegates_email|to_json }}
msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }}
@ -1990,11 +2008,10 @@ sso:
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
# The login fallback page (used by clients that don't natively support the
# required login flows) is whitelisted in addition to any URLs in this list.
#
# By default, this list is empty.
# By default, this list contains only the login fallback page.
#
#client_whitelist:
# - https://riot.im/develop

View file

@ -17,8 +17,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_worker_container_name }} \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-e UID={{ matrix_user_uid }} \
-e GID={{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \

View file

@ -33,8 +33,6 @@ ExecStartPre={{ matrix_host_command_sleep }} 3
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--env=UID={{ matrix_user_uid }} \
--env=GID={{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \

View file

@ -319,7 +319,9 @@ matrix_synapse_workers_frontend_proxy_endpoints:
# the `worker_main_http_uri` setting in the `frontend_proxy` worker configuration
# file. For example:
# worker_main_http_uri: http://127.0.0.1:{{ matrix_synapse_container_client_api_port }}
# ```yaml
# worker_main_http_uri: http://127.0.0.1:8008
# ```
matrix_synapse_workers_avail_list:
- appservice