runa update

ansible/inventory/runa.yml

@@ -12,6 +12,8 @@ runa:
     matrix_service: ""
     turn:
       realm: ""
+    nfs:
+      enabled: false
 
     logs_dirs:
       - name: nginx
@@ -28,35 +30,40 @@ runa:
           turn:
             realm: "turn-1.corp-serv.net"
             external_ip: "135.125.151.180/10.80.24.41"
-          matrix_service: "turn"
         mtx-turn-2.ankr.corp-services.app:
+          matrix_service: "turn"
           turn:
             realm: "turn-2.corp-serv.net"
             external_ip: "135.125.151.177/10.80.24.42"
-          matrix_service: "turn"
     lat:
       hosts:
         mtx-elem-1.lat.internal.ru.com:
+          matrix_service: "elementweb"
           docker_compose:
             - elementweb
-          matrix_service: "elementweb"
         mtx-elem-2.lat.internal.ru.com:
+          matrix_service: "elementweb"
           docker_compose:
             - elementweb
-          matrix_service: "elementweb"
         mtx-syna-1.lat.internal.ru.com:
           matrix_service: "synapse"
           docker_compose:
             - synapse
+          nfs:
+            enabled: true
         mtx-syna-2.lat.internal.ru.com:
           matrix_service: "synapse"
           docker_compose:
             - synapse
+          nfs:
+            enabled: true
         mtx-mngm-1.lat.internal.ru.com:
+          matrix_service: "synapse-admin"
           has_ssl_certificates: false
           docker_compose:
             - synapse-admin
         mtx-mngm-2.lat.internal.ru.com:
+          matrix_service: "synapse-admin"
           has_ssl_certificates: false
           docker_compose:
             - synapse-admin

ansible/playbook/runa.yml

@@ -12,7 +12,8 @@
       tags:
         - synapse
         - logdir
-      when: '"synapse" in docker_compose'
+      when: matrix_service == "synapse" or matrix_service == "elementweb" or matrix_service == "turn"
+      # when: '"synapse" in docker_compose'
     - name: SSL Certs
       include_role:
         name: ssl-certificates
@@ -24,7 +25,7 @@
         name: docker-compose
       tags:
         - docker
-      when: docker_compose
+      when: docker_compose or matrix_service
     - name: Add elementweb
       include_role:
         name: elementweb

ansible/roles/synapse-base/tasks/main.yml

@@ -4,6 +4,7 @@
     path: /mnt
     state: mounted
     fstype: nfs
+  when: nfs.enabled == true
 - name: Create docker-compose project directories
   ansible.builtin.file:
     path: /mnt/synapse_data

ansible/roles/synapse/files/basedir/config/log-worker-federation.yaml

@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-federation.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO

ansible/roles/synapse/files/basedir/config/log-worker-generic.yaml

@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-generic.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO

ansible/roles/synapse/files/basedir/config/log-worker-sync.yaml

@@ -0,0 +1,42 @@
+version: 1
+
+formatters:
+  fmt:
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.logging.context.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: fmt
+    filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/worker-sync.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
+
+root:
+  level: INFO
+  handlers:
+    - console
+    - file
+
+loggers:
+  synapse:
+    level: INFO
+
+  synapse.storage.SQL:
+    level: INFO
+
+  ldap3:
+    level: INFO
+
+  ldap_auth_provider:
+    level: INFO

ansible/roles/synapse/files/basedir/config/log.yaml

@@ -14,10 +14,19 @@ handlers:
     class: logging.StreamHandler
     formatter: fmt
     filters: [context]
+  file:
+    class: logging.handlers.TimedRotatingFileHandler
+    formatter: fmt
+    filename: /logs/homeserver.log
+    when: midnight
+    backupCount: 3
+    encoding: utf8
 
 root:
   level: INFO
-  handlers: [console] # to use file handler instead, switch to [file]
+  handlers:
+    - console
+    - file
 
 loggers:
   synapse:

ansible/roles/synapse/files/basedir/config/synapse-worker-federation.yaml

@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-federation
 
+worker_log_config: /config/log-worker-federation.yaml
+
 worker_listeners:
   - type: http
     port: 8008

ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml

@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-generic
 
+worker_log_config: /config/log-worker-generic.yaml
+
 worker_listeners:
   - port: 8008
     type: http

ansible/roles/synapse/files/basedir/config/synapse-worker-sync.yaml

@@ -1,6 +1,8 @@
 worker_app: synapse.app.generic_worker
 worker_name: synapse-worker-sync
 
+worker_log_config: /config/log-worker-sync.yaml
+
 worker_listeners:
   - type: http
     port: 8008

ansible/roles/synapse/files/basedir/docker-compose.yaml

@@ -5,6 +5,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     command:
       - run
       - --config-path=/config/homeserver.yaml
@@ -20,6 +21,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:
@@ -36,6 +38,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:
@@ -52,6 +55,7 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+      - /mnt/logs/synapse:/logs
     environment:
       SYNAPSE_WORKER: synapse.app.generic_worker
     depends_on:

ansible/roles/turn/files/basedir/docker-compose.yaml

@@ -10,3 +10,4 @@ services:
       - ./coturn/cert.pem:/etc/ssl/certs/cert.pem:ro
       - ./nginx:/etc/nginx/conf.d
       - /ssl:/ssl
+      - /mnt/logs/turn:/logs

ansible/roles/turn/tasks/main.yaml

@@ -0,0 +1,17 @@
+- name: Copy docker-compose contents
+  ansible.builtin.copy:
+    src: files/basedir/
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}
+    owner: "{{ ansible_user }}"
+    mode: '0644'
+  tags:
+    - files
+- name: Create turn config
+  ansible.builtin.template:
+    src: "turnserver.conf"
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/turnserver.conf
+    owner: "{{ ansible_user }}"
+    mode: '0644'
+  tags:
+    - nginx
+    - synapse