refactoring in between

ansible/inventory/runa.yml

@@ -42,9 +42,11 @@ runa:
             - elementweb
           matrix_service: "elementweb"
         mtx-syna-1.lat.internal.ru.com:
+          matrix_service: "synapse"
           docker_compose:
             - synapse
         mtx-syna-2.lat.internal.ru.com:
+          matrix_service: "synapse"
           docker_compose:
             - synapse
         mtx-mngm-1.lat.internal.ru.com:

ansible/playbook/runa.yml

@@ -30,5 +30,10 @@
         name: elementweb
       tags:
         - docker
-        - test
       when: matrix_service == "elementweb"
+    - name: Add synapse
+      include_role:
+        name: synapse
+      tags:
+        - synapse
+      when: matrix_service == "synapse"

ansible/roles/docker-compose/files/turn2/turnserver.conf

@@ -0,0 +1,18 @@
+realm=turn-2.corp-serv.net
+no-tcp-relay
+listening-ip=0.0.0.0
+listening-port=3478
+min-port=49152
+max-port=65535
+
+external-ip=
+
+log-file=stdout
+verbose
+pidfile=/var/tmp/turnserver.pid
+use-auth-secret
+static-auth-secret=ihaaCac6Oow3ohzuvequ6esoo9eegheex
+
+tls-listening-port=5349
+pkey=/ssl/certificate.keyplain
+cert=/ssl/chain.crt

ansible/roles/docker-compose/tasks/main.yml

@@ -87,19 +87,19 @@
     - dir
 - name: Create docker-compose project directories
   ansible.builtin.file:
-    path: /home/{{ ansible_user }}/docker_compose/{{ item }}
+    path: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}
     state: directory
     mode: '0755'
-  loop: "{{ docker_compose }}"
   tags:
     - dir
 
-- name: Copy docker-compose contents
+# moved to its own role
-  ansible.builtin.copy:
+# - name: Copy docker-compose contents
-    src: files/{{ item }}/
+#   ansible.builtin.copy:
-    dest: /home/{{ ansible_user }}/docker_compose/{{ item }}
+#     src: files/{{ item }}/
-    owner: "{{ ansible_user }}"
+#     dest: /home/{{ ansible_user }}/docker_compose/{{ item }}
-    mode: '0644'
+#     owner: "{{ ansible_user }}"
-  loop: "{{ docker_compose }}"
+#     mode: '0644'
-  tags:
+#   loop: "{{ docker_compose }}"
-    - files
+#   tags:
+#     - files

ansible/roles/elementweb/files/docker-compose.yaml

@@ -17,3 +17,4 @@ services:
       - ./nginx:/etc/nginx/conf.d
       - /ssl:/ssl
       - /www:/www
+      - /mnt/logs/nginx:/var/log/nginx/

ansible/roles/elementweb/tasks/main.yml

@@ -18,6 +18,16 @@
     - dir
     - test
 
+- name: Create nginx log dir
+  ansible.builtin.file:
+    path: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/nginx
+    state: directory
+    owner: "{{ ansible_user }}"
+    mode: '0755'
+  tags:
+    - dir
+    - test
+
 - name: Create nginx config
   ansible.builtin.template:
     src: "nginx/elementweb.conf"

ansible/roles/elementweb/templates/nginx/elementweb.conf

@@ -6,9 +6,9 @@ server {
     ssl_certificate      /ssl/chain.crt;
     ssl_certificate_key  /ssl/certificate.keyplain;
 
-    access_log /var/log/nginx/element/access-{{ inventory_hostname }}.log main;
+    access_log /var/log/nginx/element-access-{{ inventory_hostname }}.log main;
     access_log /var/log/nginx/access-{{ inventory_hostname }}.log main;
-    error_log /var/log/nginx/element/error-{{ inventory_hostname }}.log notice;
+    error_log /var/log/nginx/element-error-{{ inventory_hostname }}.log notice;
     error_log /var/log/nginx/error-{{ inventory_hostname }}.log notice;
 
     error_page 403 404 /403_404.html;

ansible/roles/synapse/files/basedir/config/synapse-worker-generic.yaml

@@ -9,3 +9,10 @@ worker_listeners:
     resources:
       - names: [client, federation]
         compress: false
+  - port: 9000
+    type: metrics
+    tls: false
+    x_forwarded: true
+    resources:
+     - names: [metrics]
+       compress: false

ansible/roles/synapse/files/basedir/docker-compose.yaml

@@ -64,6 +64,7 @@ services:
     volumes:
       - ./nginx:/etc/nginx/conf.d
       - /ssl:/ssl
+      - /mnt/logs/nginx:/var/log/nginx/
     restart: unless-stopped
 
   redis:
@@ -71,18 +72,3 @@ services:
     ports:
       - "6379:6379/tcp"
     restart: "unless-stopped"
-
-  # synapse-federation-sender-1:
-  #   image: matrixdotorg/synapse:latest
-  #   container_name: synapse-federation-sender-1
-  #   restart: unless-stopped
-  #   entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-federation-sender-1.yaml"]
-  #   healthcheck:
-  #     disable: true
-  #   network_mode: "host"
-  #   volumes:
-  #     - ./synapse:/data
-  #   environment:
-  #     SYNAPSE_WORKER: synapse.app.generic_worker
-  #   depends_on:
-  #     - synapse

ansible/roles/synapse/templates/nginx/synapse.conf

@@ -8,6 +8,12 @@ server {
 
     client_max_body_size 25m;
 
+    access_log /var/log/nginx/synapse-access-{{ inventory_hostname }}.log main;
+    access_log /var/log/nginx/access-{{ inventory_hostname }}.log main;
+    error_log /var/log/nginx/synapse-error-{{ inventory_hostname }}.log notice;
+    error_log /var/log/nginx/error-{{ inventory_hostname }}.log notice;
+
+
     error_page 403 404 /403_404.html;
     location = /403_404.html {
 	    default_type application/json;
@@ -59,6 +65,22 @@ server {
       deny all;
     }
 
+    # Metrics to master
+    location ~ /synapse-worker-generic/metrics {
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_pass http://synapse-worker-generic:9000;
+
+      allow 10.161.228.115;
+      allow 10.161.228.116;
+      allow 10.161.228.117;
+      allow 10.161.228.118;
+      allow 10.161.228.119;
+      deny all;
+    }
+
+
     # All other matrix/synapse requests go to main
     location ~ /_matrix|/_synapse {
       proxy_set_header X-Forwarded-For $remote_addr;