From 970afe943d853c0e6adaabf366692a2299b8557f Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Mon, 4 Dec 2023 11:39:28 +0100
Subject: [PATCH] runa update

---
 ansible/inventory/runa.yml                    | 15 +++++--
 ansible/playbook/runa.yml                     |  5 ++-
 ansible/roles/synapse-base/tasks/main.yml     |  1 +
 .../basedir/config/log-worker-federation.yaml | 42 +++++++++++++++++++
 .../basedir/config/log-worker-generic.yaml    | 42 +++++++++++++++++++
 .../files/basedir/config/log-worker-sync.yaml | 42 +++++++++++++++++++
 .../synapse/files/basedir/config/log.yaml     | 11 ++++-
 .../config/synapse-worker-federation.yaml     |  2 +
 .../config/synapse-worker-generic.yaml        |  2 +
 .../basedir/config/synapse-worker-sync.yaml   |  2 +
 .../synapse/files/basedir/docker-compose.yaml |  4 ++
 .../turn/files/basedir/docker-compose.yaml    |  1 +
 ansible/roles/turn/tasks/main.yaml            | 17 ++++++++
 13 files changed, 179 insertions(+), 7 deletions(-)
 create mode 100755 ansible/roles/synapse/files/basedir/config/log-worker-federation.yaml
 create mode 100755 ansible/roles/synapse/files/basedir/config/log-worker-generic.yaml
 create mode 100755 ansible/roles/synapse/files/basedir/config/log-worker-sync.yaml
 create mode 100644 ansible/roles/turn/tasks/main.yaml

diff --git a/ansible/inventory/runa.yml b/ansible/inventory/runa.yml
index a259a9f..6646d9d 100644
--- a/ansible/inventory/runa.yml
+++ b/ansible/inventory/runa.yml
@@ -12,6 +12,8 @@ runa:
     matrix_service: ""
     turn:
       realm: ""
+    nfs:
+      enabled: false
 
     logs_dirs:
       - name: nginx
@@ -28,35 +30,40 @@ runa:
           turn:
             realm: "turn-1.corp-serv.net"
             external_ip: "135.125.151.180/10.80.24.41"
-          matrix_service: "turn"
         mtx-turn-2.ankr.corp-services.app:
+          matrix_service: "turn"
           turn:
             realm: "turn-2.corp-serv.net"
             external_ip: "135.125.151.177/10.80.24.42"
-          matrix_service: "turn"
     lat:
       hosts:
         mtx-elem-1.lat.internal.ru.com:
+          matrix_service: "elementweb"
           docker_compose:
             - elementweb
-          matrix_service: "elementweb"
         mtx-elem-2.lat.internal.ru.com:
+          matrix_service: "elementweb"
           docker_compose:
             - elementweb
-          matrix_service: "elementweb"
         mtx-syna-1.lat.internal.ru.com:
           matrix_service: "synapse"
           docker_compose:
             - synapse
+          nfs:
+            enabled: true
         mtx-syna-2.lat.internal.ru.com:
           matrix_service: "synapse"
           docker_compose:
             - synapse
+          nfs:
+            enabled: true
         mtx-mngm-1.lat.internal.ru.com:
+          matrix_service: "synapse-admin"
           has_ssl_certificates: false
           docker_compose:
             - synapse-admin
         mtx-mngm-2.lat.internal.ru.com:
+          matrix_service: "synapse-admin"
           has_ssl_certificates: false
           docker_compose:
             - synapse-admin
diff --git a/ansible/playbook/runa.yml b/ansible/playbook/runa.yml
index faa8237..255b8f3 100644
--- a/ansible/playbook/runa.yml
+++ b/ansible/playbook/runa.yml
@@ -12,7 +12,8 @@
       tags:
         - synapse
         - logdir
-      when: '"synapse" in docker_compose'
+      when: matrix_service == "synapse" or matrix_service == "elementweb" or matrix_service == "turn"
+      # when: '"synapse" in docker_compose'
     - name: SSL Certs
       include_role:
         name: ssl-certificates
@@ -24,7 +25,7 @@
         name: docker-compose
       tags:
         - docker
-      when: docker_compose
+      when: docker_compose or matrix_service
     - name: Add elementweb
       include_role:
         name: elementweb
diff --git a/ansible/roles/synapse-base/tasks/main.yml b/ansible/roles/synapse-base/tasks/main.yml
index 63b5fac..499bbeb 100644
--- a/ansible/roles/synapse-base/tasks/main.yml
+++ b/ansible/roles/synapse-base/tasks/main.yml
@@ -4,6 +4,7 @@
     path: /mnt
     state: mounted
     fstype: nfs
+  when: nfs.enabled == true
 - name: Create docker-compose project directories
   ansible.builtin.file:
     path: /mnt/synapse_data
diff --git a/ansible/roles/synapse/files/basedir/config/log-worker-federation.yaml b/ansible/roles/synapse/files/basedir/config/log-worker-federation.yaml
new file mode 100755
index 0000000..fb43179
--- /dev/null
+++ b/ansible/roles/synapse/files/basedir/config/log-worker-federation.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-federation.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO
diff --git a/ansible/roles/synapse/files/basedir/config/log-worker-generic.yaml b/ansible/roles/synapse/files/basedir/config/log-worker-generic.yaml
new file mode 100755
index 0000000..4437e9f
--- /dev/null
+++ b/ansible/roles/synapse/files/basedir/config/log-worker-generic.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-generic.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO
diff --git a/ansible/roles/synapse/files/basedir/config/log-worker-sync.yaml b/ansible/roles/synapse/files/basedir/config/log-worker-sync.yaml
new file mode 100755
index 0000000..3ae9820
--- /dev/null
+++ b/ansible/roles/synapse/files/basedir/config/log-worker-sync.yaml
@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-sync.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO
diff --git a/ansible/roles/synapse/files/basedir/config/log.yaml b/ansible/roles/synapse/files/basedir/config/log.yaml
index 36349ed..b094b3d 100755
--- a/ansible/roles/synapse/files/basedir/config/log.yaml
+++ b/ansible/roles/synapse/files/basedir/config/log.yaml
@@ -14,10 +14,19 @@ handlers:
     class: logging.StreamHandler
     formatter: fmt
     filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/homeserver.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
 
 root:
   level: INFO
-  handlers: [console] # to use file handler instead, switch to [file]
+  handlers:
+    - console
+    - file
 
 loggers:
   synapse:
diff --git a/ansible/roles/synapse/files/basedir/config/synapse-worker-federation.yaml b/ansible/roles/synapse/files/basedir/config/synapse-worker-federation.yaml
index 3c3bf8f..7e5b619 100755
--- a/ansible/roles/synapse/files/basedir/config/synapse-worker-federation.yaml
+++ b/ansible/roles/synapse/files/basedir/config/synapse-worker-federation.yaml
@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-federation
 
+worker_log_config: /config/log-worker-federation.yaml
+
 worker_listeners:
   - type: http
     port: 8008
diff --git a/ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml b/ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml
index 7f21726..b304133 100755
--- a/ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml
+++ b/ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml
@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-generic
 
+worker_log_config: /config/log-worker-generic.yaml
+
 worker_listeners:
   - port: 8008
     type: http
diff --git a/ansible/roles/synapse/files/basedir/config/synapse-worker-sync.yaml b/ansible/roles/synapse/files/basedir/config/synapse-worker-sync.yaml
index 8756dab..c812e02 100755
--- a/ansible/roles/synapse/files/basedir/config/synapse-worker-sync.yaml
+++ b/ansible/roles/synapse/files/basedir/config/synapse-worker-sync.yaml
@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-sync
 
+worker_log_config: /config/log-worker-sync.yaml
+
 worker_listeners:
   - type: http
     port: 8008
diff --git a/ansible/roles/synapse/files/basedir/docker-compose.yaml b/ansible/roles/synapse/files/basedir/docker-compose.yaml
index 967511b..65c557a 100644
--- a/ansible/roles/synapse/files/basedir/docker-compose.yaml
+++ b/ansible/roles/synapse/files/basedir/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     command:
       - run
       - --config-path=/config/homeserver.yaml
@@ -20,6 +21,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:
@@ -36,6 +38,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:
@@ -52,6 +55,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:
diff --git a/ansible/roles/turn/files/basedir/docker-compose.yaml b/ansible/roles/turn/files/basedir/docker-compose.yaml
index e9f826c..fc735c0 100644
--- a/ansible/roles/turn/files/basedir/docker-compose.yaml
+++ b/ansible/roles/turn/files/basedir/docker-compose.yaml
@@ -10,3 +10,4 @@ services:
       - ./coturn/cert.pem:/etc/ssl/certs/cert.pem:ro
       - ./nginx:/etc/nginx/conf.d
       - /ssl:/ssl
+      - /mnt/logs/turn:/logs
diff --git a/ansible/roles/turn/tasks/main.yaml b/ansible/roles/turn/tasks/main.yaml
new file mode 100644
index 0000000..af48e16
--- /dev/null
+++ b/ansible/roles/turn/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: Copy docker-compose contents
+  ansible.builtin.copy:
+    src: files/basedir/
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}
+    owner: "{{ ansible_user }}"
+    mode: '0644'
+  tags:
+    - files
+- name: Create turn config
+  ansible.builtin.template:
+    src: "turnserver.conf"
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/turnserver.conf
+    owner: "{{ ansible_user }}"
+    mode: '0644'
+  tags:
+    - nginx
+    - synapse