Commit Graph

182 Commits

Author SHA1 Message Date
Michael Collins
41c335b967 merge upstream 2021-08-17 13:20:39 +08:00
Michael Collins
98e6cd685d sync with previous repo 2021-08-13 16:05:57 +08:00
Toni Spets
bce94c5860 Allow configuring synapse database transaction limit 2021-08-10 21:09:28 +03:00
Slavi Pantaleev
05ad620386 Update homeserver.yaml to keep up with Synapse v1.40.0
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1225
2021-08-10 17:36:44 +03:00
Slavi Pantaleev
179775b92d Upgrade Synapse (1.38.1 -> 1.39.0) 2021-07-29 18:51:22 +03:00
Slavi Pantaleev
3da4b684a5 Upgrade Synapse (1.36.0 -> 1.37.0) 2021-06-29 13:55:09 +03:00
Slavi Pantaleev
9daeb39710 Upgrade Synapse (1.35.1 -> 1.36.0) 2021-06-15 19:25:41 +03:00
Slavi Pantaleev
b1f1c28ef0 Upgrade Synapse (1.34.0 -> 1.35.0) 2021-06-01 19:14:59 +03:00
Ahmad Haghighi
209d59070e Avoiding if(s), fix #1083
Conversation: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1083#discussion_r638671860

Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-05-25 15:41:58 +04:30
Ahmad Haghighi
ee088d5d46 Synapse LDAP auth: add support for Active Directory
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-05-25 15:36:41 +04:30
Slavi Pantaleev
d156c8caa2 Upgrade Synapse (1.33.2 -> 1.34.0) 2021-05-17 14:58:07 +03:00
Slavi Pantaleev
d4d1e2e922 Upgrade Synapse (1.32.2 -> 1.33.0) 2021-05-05 19:18:53 +03:00
Slavi Pantaleev
e3fa3e12bc Upgrade Synapse (1.31 -> 1.32.2) 2021-04-22 14:22:07 +03:00
Slavi Pantaleev
378fabf177 Revert "Upgrade Synapse (1.31 -> 1.32.1)"
This reverts commit 1fb54a37cb.

Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017

Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-21 23:36:58 +03:00
Slavi Pantaleev
1fb54a37cb Upgrade Synapse (1.31 -> 1.32.1)
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-21 18:47:15 +03:00
Slavi Pantaleev
ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)"
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-20 23:40:55 +03:00
Slavi Pantaleev
f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev
3f426de599 Upgrade Synapse (1.30.1 -> 1.31.0) 2021-04-06 16:00:10 +03:00
Slavi Pantaleev
d09609daa8 Fix Jinja2 syntax error
Fixes a regression introduced in ffe649a240
2021-03-22 17:13:10 +02:00
Slavi Pantaleev
ffe649a240 Update homeserver.yaml to keep up with Synapse v1.30.0
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
2021-03-22 16:43:10 +02:00
Slavi Pantaleev
f99dcd611f Pass proper UID/GID to Synapse
Fixes a regression caused by a5ee39266c.

If the user id and group id were different than 991:991
(which used to be a hardcoded default for us long ago),
there was a mismatch between what Synapse was trying to use (991:991)
and what it was actually started with (in `--user=..`). It was then
trying to change ownership, which was failing.

This was mostly affecting newer installations which were not using the
991:991 defaults we had long ago (since a1c5a197a9).
2021-03-19 16:44:10 +02:00
Slavi Pantaleev
a5ee39266c Go through start.py when launching Synapse
This allows us to benefit from helpful things it does for us,
like enabling jemalloc: https://github.com/matrix-org/synapse/pull/8553

We weren't going through `start.py` before, because it was causing some
conflict with our `docker run --user=...` stuff, but it doesn't seem
to be a problem anymore.

Having done this, we won't need to do things like
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/941
anymore.
2021-03-19 08:16:59 +02:00
Pablo Montepagano
52fe8a05b0 Adding vars to synapse for private servers. 2021-03-14 00:39:44 -03:00
Slavi Pantaleev
9b72384df7 Upgrade Synapse (1.28.0 -> 1.29.0) 2021-03-08 17:24:09 +02:00
Slavi Pantaleev
ae091d7b2d Upgrade Synapse (v1.27.0 -> v1.28.0) 2021-02-25 13:40:35 +02:00
Slavi Pantaleev
2ef1d9c537 Make healthchecks work for Synapse worker containers
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
2021-02-24 07:59:14 +02:00
Slavi Pantaleev
daae74b074 Merge branch 'master' into synapse-workers 2021-02-16 17:31:40 +02:00
Slavi Pantaleev
521160c12f Upgrade Synapse (v1.26.0 -> v1.27.0) 2021-02-16 17:30:48 +02:00
Slavi Pantaleev
43059bb040 Fix metrics listeners for Synapse workers
`::` leads to errors like:

> socket.gaierror: [Errno -9] Address family for hostname not supported
2021-02-15 11:19:07 +02:00
Slavi Pantaleev
5cfeae806b Merge branch 'master' into synapse-workers 2021-02-14 13:00:57 +02:00
Slavi Pantaleev
7e8e95a09a Make S3-mounting path configurable
This will make data migration easier.
2021-02-09 22:05:07 +02:00
Slavi Pantaleev
1cd2a218de Merge branch 'master' into synapse-workers 2021-01-27 21:41:54 +02:00
Slavi Pantaleev
c6feb0b99e Upgrade Synapse (v1.25.0 -> v1.26.0) 2021-01-27 21:41:47 +02:00
Slavi Pantaleev
d98a1ceadd Merge branch 'master' into synapse-workers 2021-01-27 10:27:17 +02:00
Slavi Pantaleev
512f42aa76 Do not report docker kill/rm attempts as errors
These are just defensive cleanup tasks that we run.
In the good case, there's nothing to kill or remove, so they trigger an
error like this:

> Error response from daemon: Cannot kill container: something: No such container: something

and:

> Error: No such container: something

People often ask us if this is a problem, so instead of always having to
answer with "no, this is to be expected", we'd rather eliminate it now
and make logs cleaner.

In the event that:
- a container is really stuck and needs cleanup using kill/rm
- and cleanup fails, and we fail to report it because of error
suppression (`2>/dev/null`)

.. we'd still get an error when launching ("container name already in use .."),
so it shouldn't be too hard to investigate.
2021-01-27 10:22:46 +02:00
Slavi Pantaleev
66cdc7bf5a Clean up worker.yaml generation a bit and make it more flexible 2021-01-25 13:02:01 +02:00
Slavi Pantaleev
1462409b34 Fix worker listening addresses
Not specifying bind addresses for the worker resulted in this warning:

> synapse.app - 47 - WARNING - None - Failed to listen on 0.0.0.0, continuing because listening on [::]

Additionally, metrics listening only on 127.0.0.1 seems like a no-op.
Only having it accessible from within the container is likely not what
we intend. Changed that to all interfaces as well.

Whether it actually gets exposed or not depends on the systemd service
and `matrix_synapse_workers_container_host_bind_address`.
2021-01-25 12:29:47 +02:00
Slavi Pantaleev
01747c8cc4 Prevent Synapse warning about enabling metric listeners with enable_metrics: false
> synapse.app.generic_worker - 606 - WARNING - None - Metrics listener configured, but enable_metrics is not True!
2021-01-25 12:24:12 +02:00
Slavi Pantaleev
70796703d3 Run Synapse workers in their own containers
This switches the `docker exec` method of spawning
Synapse workers inside the `matrix-synapse` container with
dedicated containers for each worker.

We also have dedicated systemd services for each worker,
so this are now:
- more consistent with everything else (we don't use systemd
instantiated services anywhere)
- we don't need the "parse systemd instance name into worker name +
port" part
- we don't need to keep track of PIDs manually
- we don't need jq (less depenendencies)
- workers dying would be restarted by systemd correctly, like any other
service
- `docker ps` shows each worker separately and we can observe resource
usage
2021-01-25 12:14:46 +02:00
Slavi Pantaleev
63301b0ef1 Improvements around Synapse worker/metrics ports exposure
There was a `matrix_nginx_proxy_enabled|default(False)` check, but:
- it didn't seem to work reliably for some reason (hmm)
- referring to a `matrix_nginx_proxy_*` variable from within the
  `matrix-synapse` role is not ideal
- exposing always happened on `127.0.0.1`, which may not be good enough
  for some rarer setups (where the own webserver is external to the host)
2021-01-25 08:25:43 +02:00
Marcel Partap
edc21f15e5 Restrict publishing worker (metrics) ports to localhost 2021-01-24 08:53:09 +01:00
Marcel Partap
183adec3d8 Merge remote-tracking branch 'origin/master' into synapse-workers 2021-01-23 15:04:11 +01:00
Marcel Partap
f2c7d79238 Drop probably incorrect comment from synapse homeserver.yaml.j2 2021-01-23 14:44:36 +01:00
Slavi Pantaleev
1692a28fe4 Work around annoying Docker warning about undefined $HOME
> WARNING: Error loading config file: .dockercfg: $HOME is not defined

.. which appeared in Docker 20.10.
2021-01-15 00:23:01 +02:00
Slavi Pantaleev
d5945c6e78 Upgrade Synapse (v1.24.0 -> v1.25.0) for amd64 2021-01-13 13:02:49 +02:00
Marcel Partap
cd8100544b Merge remote-tracking branch 'origin/master' into synapse-workers
Sync with upstream
2021-01-08 20:58:50 +01:00
Slavi Pantaleev
d08b27784f Fix systemd services autostart problem with Docker 20.10
The Docker 19.04 -> 20.10 upgrade contains the following change
in `/usr/lib/systemd/system/docker.service`:

```
-BindsTo=containerd.service
-After=network-online.target firewalld.service containerd.service
+After=network-online.target firewalld.service containerd.service multi-user.target
-Requires=docker.socket
+Requires=docker.socket containerd.service
Wants=network-online.target
```

The `multi-user.target` requirement in `After` seems to be in conflict
with our `WantedBy=multi-user.target` and `After=docker.service` /
`Requires=docker.service` definitions, causing the following error on
startup for all of our systemd services:

> Job matrix-synapse.service/start deleted to break ordering cycle starting with multi-user.target/start

A workaround which appears to work is to add `DefaultDependencies=no`
to all of our services.
2020-12-10 11:43:20 +02:00
Slavi Pantaleev
aa86e0dac6 Upgrade Synapse (v1.23.0 -> v1.24.0)
Because the ARM images are not pushed yet, we hold back to v1.23.0
for now.
2020-12-09 13:31:10 +02:00
Slavi Pantaleev
c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Marcel Partap
e892ac464f synapse workers: untangle config template and specify bind address
.. to mitigate log noise - WARNING:
Failed to listen on 0.0.0.0, continuing because listening on [::]
2020-12-01 23:49:23 +01:00