Do not fail if _matrix-identity DNS SRV record missing

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963 This also simplifies Prerequisites, which is great. It'd be nice if we were doing these checks in some optional manner and reporting them as helpful messages (using `matrix_playbook_runtime_results`), but that's more complicated. I'd rather drop these checks completely.
2025-10-31 07:17:57 +01:00 · 2021-03-30 11:24:04 +03:00
parent 5e1cf7f8b9
commit 93960b70be
4 changed files with 0 additions and 100 deletions
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -20,8 +20,6 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you

 - The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.

- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
-
 - An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

 - Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
--- a/roles/matrix-base/tasks/main.yml
+++ b/roles/matrix-base/tasks/main.yml
@@ -32,10 +32,3 @@
    - setup-ma1sd
    - setup-synapse
    - setup-nginx-proxy
-
- import_tasks: "{{ role_path }}/tasks/self_check_dns.yml"
-  delegate_to: 127.0.0.1
-  become: false
-  when: run_self_check|bool
-  tags:
-    - self-check
--- a/roles/matrix-base/tasks/self_check_dns.yml
+++ b/roles/matrix-base/tasks/self_check_dns.yml
@@ -1,23 +0,0 @@
---
-
- set_fact:
-    dns_srv_record_checks: []
-
- block:
-    - set_fact:
-        dns_srv_record_check_ma1sd:
-          service_and_protocol: "_matrix-identity._tcp"
-          domain: "{{ (matrix_domain + '.') }}"
-          expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
-          expected_port: 443
-
-    - name: Determine domains that we require certificates for (ma1sd)
-      set_fact:
-        dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_ma1sd] }}"
-  when: matrix_ma1sd_enabled|bool
-
- name: Perform DNS SRV checks
-  include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
-  with_items: "{{ dns_srv_record_checks }}"
-  loop_control:
-    loop_var: dns_srv_record_check
--- a/roles/matrix-base/tasks/self_check_dns_srv.yml
+++ b/roles/matrix-base/tasks/self_check_dns_srv.yml
@@ -1,68 +0,0 @@
---
-
-# This requires the dnspython library which is usually unavailable.
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using Ansible dig lookup
-  set_fact:
-    lookup_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
-  register: result_lookup_dig_srv
-  ignore_errors: true
-
- name: Fail if DNS SRV check via Ansible dig lookup failed for non-dependency reason
-  fail:
-    msg: "DNS SRV record check via Ansible dig lookup plugin (which uses the dnspython package) failed. Error is: {{ result_lookup_dig_srv.msg }}"
-  when: "result_lookup_dig_srv.failed and 'dnspython' not in result_lookup_dig_srv.msg"
-
-# Fallback to using the dig CLI tool if dnspython was unavailable.
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using dig CLI tool
-  shell:
-    cmd: "dig -t srv {{ (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain)|quote }}"
-  register: result_cli_dig_srv
-  changed_when: false
-  ignore_errors: true
-  when: "lookup_dig_srv is not defined"
-
- name: Fail if dig CLI used and failed
-  fail:
-    msg: >-
-      Failed performing DNS SRV record check.
-      You neither have the `dnspython` Python package, nor the `dig` program installed locally.
-      You need to install one of those, so we could perform a DNS SRV record check.
-      Full error from trying to run `dig`: {{ result_cli_dig_srv }}
-  when: "lookup_dig_srv is not defined and result_cli_dig_srv.stderr != ''"
-
-# Some DNS servers may respond with '' (stands for "No Answer").
-# Most usually, a missing record would yield a 'NXDOMAIN' response.
-# In any case, we consider any non-mapping response to mean "missing record".
- name: Fail if DNS SRV record missing (Ansible dig lookup)
-  fail:
-    msg: >-
-      It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing).
-      See the 'Configuring DNS' documentation for this playbook.
-  when: "lookup_dig_srv is defined and lookup_dig_srv is not mapping"
-
- name: Fail if DNS SRV record incorrect (Ansible dig lookup)
-  fail:
-    msg: >-
-      It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
-      Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
-      Found it pointing to `{{ lookup_dig_srv.target }}` (port {{ lookup_dig_srv.port }}).
-      See the 'Configuring DNS' documentation for this playbook.
-  when: "lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)"
-
-# We expect an answer like this:
-# ;; ANSWER SECTION:
-# _matrix._tcp.DOMAIN. 10800	IN	SRV	10 0 8448 matrix.DOMAIN.
- name: Fail if DNS SRV record missing or incorrect (dig CLI tool)
-  fail:
-    msg: >-
-      It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
-      Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
-      See the 'Configuring DNS' documentation for this playbook.
-      Full response from the `dig` lookup was: {{ result_cli_dig_srv }}
-  when: "lookup_dig_srv is not defined and (dns_srv_record_check.expected_port|string + ' ' + dns_srv_record_check.expected_target) not in result_cli_dig_srv.stdout"
-
- name: Report correct DNS SRV record
-  debug:
-    msg: >-
-      The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
-      points to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}), as expected.