begin to phase in synapse-admin
parent
b05d427995
commit
574ad5d60e
15 changed files with 3407 additions and 14 deletions
|
@ -39,31 +39,17 @@ runa:
|
||||||
hosts:
|
hosts:
|
||||||
mtx-elem-1.lat.internal.ru.com:
|
mtx-elem-1.lat.internal.ru.com:
|
||||||
matrix_service: "elementweb"
|
matrix_service: "elementweb"
|
||||||
docker_compose:
|
|
||||||
- elementweb
|
|
||||||
mtx-elem-2.lat.internal.ru.com:
|
mtx-elem-2.lat.internal.ru.com:
|
||||||
matrix_service: "elementweb"
|
matrix_service: "elementweb"
|
||||||
docker_compose:
|
|
||||||
- elementweb
|
|
||||||
mtx-syna-1.lat.internal.ru.com:
|
mtx-syna-1.lat.internal.ru.com:
|
||||||
matrix_service: "synapse"
|
matrix_service: "synapse"
|
||||||
docker_compose:
|
|
||||||
- synapse
|
|
||||||
nfs:
|
nfs:
|
||||||
enabled: true
|
enabled: true
|
||||||
mtx-syna-2.lat.internal.ru.com:
|
mtx-syna-2.lat.internal.ru.com:
|
||||||
matrix_service: "synapse"
|
matrix_service: "synapse"
|
||||||
docker_compose:
|
|
||||||
- synapse
|
|
||||||
nfs:
|
nfs:
|
||||||
enabled: true
|
enabled: true
|
||||||
mtx-mngm-1.lat.internal.ru.com:
|
mtx-mngm-1.lat.internal.ru.com:
|
||||||
matrix_service: "synapse-admin"
|
matrix_service: "synapse-admin"
|
||||||
has_ssl_certificates: false
|
|
||||||
docker_compose:
|
|
||||||
- synapse-admin
|
|
||||||
mtx-mngm-2.lat.internal.ru.com:
|
mtx-mngm-2.lat.internal.ru.com:
|
||||||
matrix_service: "synapse-admin"
|
matrix_service: "synapse-admin"
|
||||||
has_ssl_certificates: false
|
|
||||||
docker_compose:
|
|
||||||
- synapse-admin
|
|
||||||
|
|
|
@ -44,3 +44,9 @@
|
||||||
tags:
|
tags:
|
||||||
- turn
|
- turn
|
||||||
when: matrix_service == "turn"
|
when: matrix_service == "turn"
|
||||||
|
- name: Add synapse-admin
|
||||||
|
include_role:
|
||||||
|
name: synapse-admin
|
||||||
|
tags:
|
||||||
|
- synapse-admin
|
||||||
|
when: matrix_service == "synapse-admin"
|
||||||
|
|
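Review bot: The `tags: - synapse-admin` on the new `include_role` task tags only the include itself. Because `include_role` is dynamic, the role's tasks do not inherit the tag, so a run with `--tags synapse-admin` pulls the role in and then skips every task in it (they are tagged `files`, `nginx`, `dir` and `synapse`). Adding `apply:` with `tags: [synapse-admin]` under `include_role` passes the tag down. The `turn` include just above follows the same pattern, so this may be a playbook-wide convention; the rest of the file is outside this hunk.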
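--- a/ansible/roles/synapse-admin/files/basedir/.env
+++ b/ansible/roles/synapse-admin/files/basedir/.env
@@ -0,0 +1,5 @@
+SYNAPSE_VERSION=v1.96.1
+NGINX_VERSION=1.25.3-alpine
+
+SYNAPSE_SERVER_NAME=corp-serv.net
+NGINX_SYNAPSE_FQDN=synapse.corp-apps.com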
2993
ansible/roles/synapse-admin/files/basedir/config/homeserver.yaml
Executable file
2993
ansible/roles/synapse-admin/files/basedir/config/homeserver.yaml
Executable file
File diff suppressed because it is too large
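--- a/ansible/roles/synapse-admin/files/basedir/config/log-worker-federation.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/log-worker-federation.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+fmt:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.logging.context.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: fmt
+filters: [context]
+file:
+class: logging.handlers.TimedRotatingFileHandler
+formatter: fmt
+filename: /logs/worker-federation.log
+when: midnight
+backupCount: 3
+encoding: utf8
+
+root:
+level: INFO
+handlers:
+- console
+- file
+
+loggers:
+synapse:
+level: INFO
+
+synapse.storage.SQL:
+level: INFO
+
+ldap3:
+level: INFO
+
+ldap_auth_provider:
+level: INFO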
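--- a/ansible/roles/synapse-admin/files/basedir/config/log-worker-generic.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/log-worker-generic.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+fmt:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.logging.context.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: fmt
+filters: [context]
+file:
+class: logging.handlers.TimedRotatingFileHandler
+formatter: fmt
+filename: /logs/worker-generic.log
+when: midnight
+backupCount: 3
+encoding: utf8
+
+root:
+level: INFO
+handlers:
+- console
+- file
+
+loggers:
+synapse:
+level: INFO
+
+synapse.storage.SQL:
+level: INFO
+
+ldap3:
+level: INFO
+
+ldap_auth_provider:
+level: INFO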
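--- a/ansible/roles/synapse-admin/files/basedir/config/log-worker-sync.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/log-worker-sync.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+fmt:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.logging.context.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: fmt
+filters: [context]
+file:
+class: logging.handlers.TimedRotatingFileHandler
+formatter: fmt
+filename: /logs/worker-sync.log
+when: midnight
+backupCount: 3
+encoding: utf8
+
+root:
+level: INFO
+handlers:
+- console
+- file
+
+loggers:
+synapse:
+level: INFO
+
+synapse.storage.SQL:
+level: INFO
+
+ldap3:
+level: INFO
+
+ldap_auth_provider:
+level: INFO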
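--- a/ansible/roles/synapse-admin/files/basedir/config/log.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/log.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+fmt:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.logging.context.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: fmt
+filters: [context]
+file:
+class: logging.handlers.TimedRotatingFileHandler
+formatter: fmt
+filename: /logs/homeserver.log
+when: midnight
+backupCount: 3
+encoding: utf8
+
+root:
+level: INFO
+handlers:
+- console
+- file
+
+loggers:
+synapse:
+level: INFO
+
+synapse.storage.SQL:
+level: INFO
+
+ldap3:
+level: INFO
+
+ldap_auth_provider:
+level: INFO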
|
@ -0,0 +1,20 @@
|
||||||
|
worker_app: synapse.app.generic_worker
|
||||||
|
worker_name: synapse-worker-federation
|
||||||
|
|
||||||
|
worker_log_config: /config/log-worker-federation.yaml
|
||||||
|
|
||||||
|
worker_listeners:
|
||||||
|
- type: http
|
||||||
|
port: 8008
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names:
|
||||||
|
- client
|
||||||
|
- federation
|
||||||
|
- port: 9000
|
||||||
|
type: metrics
|
||||||
|
tls: false
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names: [metrics]
|
||||||
|
compress: false
|
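--- a/ansible/roles/synapse-admin/files/basedir/config/synapse-worker-generic.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/synapse-worker-generic.yaml
@@ -0,0 +1,20 @@
+worker_app: synapse.app.generic_worker
+worker_name: synapse-worker-generic
+
+worker_log_config: /config/log-worker-generic.yaml
+
+worker_listeners:
+- port: 8008
+type: http
+tls: false
+x_forwarded: true
+resources:
+- names: [client, federation]
+compress: false
+- port: 9000
+type: metrics
+tls: false
+x_forwarded: true
+resources:
+- names: [metrics]
+compress: false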
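--- a/ansible/roles/synapse-admin/files/basedir/config/synapse-worker-sync.yaml
+++ b/ansible/roles/synapse-admin/files/basedir/config/synapse-worker-sync.yaml
@@ -0,0 +1,20 @@
+worker_app: synapse.app.generic_worker
+worker_name: synapse-worker-sync
+
+worker_log_config: /config/log-worker-sync.yaml
+
+worker_listeners:
+- type: http
+port: 8008
+x_forwarded: true
+resources:
+- names:
+- client
+- federation
+- port: 9000
+type: metrics
+tls: false
+x_forwarded: true
+resources:
+- names: [metrics]
+compress: false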
|
@ -0,0 +1,25 @@
|
||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
synapse-admin:
|
||||||
|
image: matrixdotorg/synapse:${SYNAPSE_VERSION}
|
||||||
|
volumes:
|
||||||
|
- /mnt/synapse_data:/data
|
||||||
|
- ./config:/config
|
||||||
|
- /mnt/logs/synapse:/logs
|
||||||
|
command:
|
||||||
|
- run
|
||||||
|
- --config-path=/config/homeserver.yaml
|
||||||
|
restart: always
|
||||||
|
container_name: synapse-main
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
image: nginx:${NGINX_VERSION}
|
||||||
|
ports:
|
||||||
|
- "80:80/tcp"
|
||||||
|
- "443:443/tcp"
|
||||||
|
volumes:
|
||||||
|
- ./nginx:/etc/nginx/conf.d
|
||||||
|
- /ssl:/ssl
|
||||||
|
- /mnt/logs/nginx:/var/log/nginx/
|
||||||
|
restart: unless-stopped
|
||||||
|
container_name: nginx
|
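Review bot: Three upstream names used by the nginx template added in this commit have no service behind them here: it proxies to `synapse-worker-sync`, `synapse-worker-federation` and `synapse-worker-generic`, while this file defines only `synapse-admin` (container `synapse-main`) and `nginx`. nginx refuses to start when a literal `proxy_pass` hostname cannot be resolved at load time, so unless those containers join this project's network from elsewhere, either add the worker services or trim the template for this host. The template's `location /` also serves `root /www`, which is not mounted; the nginx `volumes` would need `- ./www:/www:ro`. The `/ssl` mount carries the TLS private key and should be read-only, `- /ssl:/ssl:ro`, and the same goes for `./nginx:/etc/nginx/conf.d`.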
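--- a/ansible/roles/synapse-admin/files/basedir/www/index.html
+++ b/ansible/roles/synapse-admin/files/basedir/www/index.html
@@ -0,0 +1 @@
+Test for Synapse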
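--- a/ansible/roles/synapse-admin/tasks/main.yml
+++ b/ansible/roles/synapse-admin/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: Copy docker-compose contents
+ansible.builtin.copy:
+src: files/basedir/
+dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}
+owner: "{{ ansible_user }}"
+mode: '0644'
+tags:
+- files
+- name: Create nginx dir
+ansible.builtin.file:
+path: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/nginx
+state: directory
+owner: "{{ ansible_user }}"
+mode: '0755'
+tags:
+- nginx
+- dir
+
+- name: Create nginx config
+ansible.builtin.template:
+src: "nginx/synapse.conf"
+dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/nginx/synapse.conf
+owner: "{{ ansible_user }}"
+mode: '0644'
+tags:
+- nginx
+- synapse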
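Review bot: `Copy docker-compose contents` installs the whole of `files/basedir/` with `mode: '0644'`, and that tree includes `config/homeserver.yaml`. Its diff is suppressed on this page, but a Synapse homeserver.yaml normally carries the database password and the registration, macaroon and form secrets; if this one does, they end up world-readable on the host and in plaintext in the repository. I would move that file to `templates/`, fill the secrets from Ansible Vault variables, and install it in its own task with a tighter mode, for example `mode: '0640'` with a group the container user belongs to. `no_log: true` on that task keeps the rendered values out of run output.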
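--- a/ansible/roles/synapse-admin/templates/nginx/synapse.conf
+++ b/ansible/roles/synapse-admin/templates/nginx/synapse.conf
@@ -0,0 +1,122 @@
+server {
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+ssl_certificate /ssl/chain.crt;
+ssl_certificate_key /ssl/certificate.keyplain;
+
+client_max_body_size 25m;
+
+access_log /var/log/nginx/synapse-access-{{ inventory_hostname }}.log main;
+access_log /var/log/nginx/access-{{ inventory_hostname }}.log main;
+error_log /var/log/nginx/synapse-error-{{ inventory_hostname }}.log notice;
+error_log /var/log/nginx/error-{{ inventory_hostname }}.log notice;
+
+
+error_page 403 404 /403_404.html;
+location = /403_404.html {
+default_type application/json;
+return 200 'You are not authorized to access this page.';
+}
+
+location / {
+root /www;
+}
+
+# Sync requests
+location ~ ^/_matrix/client/(r0|v3)/sync$|^/_matrix/client/(api/v1|r0|v3)/events$|^/_matrix/client/(api/v1|r0|v3)/initialSync$|^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-sync:8008;
+}
+
+# Federation requests
+location ~ ^/_matrix/federation/v1/event/|^/_matrix/federation/v1/state/|^/_matrix/federation/v1/state_ids/|^/_matrix/federation/v1/backfill/|^/_matrix/federation/v1/get_missing_events/|^/_matrix/federation/v1/publicRooms|^/_matrix/federation/v1/query/|^/_matrix/federation/v1/make_join/|^/_matrix/federation/v1/make_leave/|^/_matrix/federation/(v1|v2)/send_join/|^/_matrix/federation/(v1|v2)/send_leave/|^/_matrix/federation/(v1|v2)/invite/|^/_matrix/federation/v1/event_auth/|^/_matrix/federation/v1/timestamp_to_event/|^/_matrix/federation/v1/exchange_third_party_invite/|^/_matrix/federation/v1/user/devices/|^/_matrix/key/v2/query|^/_matrix/federation/v1/hierarchy/|^/_matrix/federation/v1/send/ {
+
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-federation:8008;
+
+}
+
+# Client requests
+location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$|^/_matrix/client/(api/v1|r0|unstable)/account/3pid$|^/_matrix/client/(api/v1|r0|unstable)/devices$|^/_matrix/client/(api/v1|r0|unstable)/keys/query$|^/_matrix/client/(api/v1|r0|unstable)/keys/changes$|^/_matrix/client/versions$|^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$|^/_matrix/client/(api/v1|r0|unstable)/joined_groups$|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/|^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$|^/_matrix/client/(api/v1|r0|unstable)/search$ {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-generic:8008;
+}
+
+# Metrics to master
+location ~ /_synapse/metrics {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-main:9000;
+
+allow 10.161.228.115;
+allow 10.161.228.116;
+allow 10.161.228.117;
+allow 10.161.228.118;
+allow 10.161.228.119;
+deny all;
+}
+
+# Metrics to worker-generic
+location ~ /synapse-worker-generic/metrics {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-generic:9000;
+
+allow 10.161.228.115;
+allow 10.161.228.116;
+allow 10.161.228.117;
+allow 10.161.228.118;
+allow 10.161.228.119;
+deny all;
+}
+
+# Metrics to worker-sync
+location ~ /synapse-worker-sync/metrics {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-sync:9000;
+
+allow 10.161.228.115;
+allow 10.161.228.116;
+allow 10.161.228.117;
+allow 10.161.228.118;
+allow 10.161.228.119;
+deny all;
+}
+
+# Metrics to worker-federation
+location ~ /synapse-worker-federation/metrics {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_pass http://synapse-worker-federation:9000;
+
+allow 10.161.228.115;
+allow 10.161.228.116;
+allow 10.161.228.117;
+allow 10.161.228.118;
+allow 10.161.228.119;
+deny all;
+}
+
+
+# All other matrix/synapse requests go to main
+location ~ /_matrix|/_synapse {
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+
+proxy_pass http://synapse-main:8008;
+}
+}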
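Review bot: The final catch-all `location ~ /_matrix|/_synapse` forwards `/_synapse/admin/...` to `synapse-main:8008` for any client that can reach port 443, while the four metrics locations above it are limited to 10.161.228.115–119 by `allow` / `deny all`. On a host whose role is administration I would put the admin API behind its own allow-list, in a prefix location as sketched below, so an access token alone is not enough from an arbitrary network position. The metrics and catch-all regexes are also unanchored (`~ /_synapse/metrics` matches that string anywhere in the URI); a leading `^` makes the routing match the comments. No `ssl_protocols` is set, so the image defaults apply; `ssl_protocols TLSv1.2 TLSv1.3;` would pin the accepted versions.

```nginx
# Admin API: reachable only from the operators' network.
# `^~` stops regex locations (including the catch-all) from taking over.
location ^~ /_synapse/admin {
    allow ADMIN_CIDR_PLACEHOLDER;   # placeholder: set to the admin/VPN range
    deny all;

    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_pass http://synapse-main:8008;
}
# … unchanged: catch-all location ~ /_matrix|/_synapse …
```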