[refactor] make postgres parameters an option

2024-02-23 11:49:15 +09:00 · 2024-02-23 11:49:15 +09:00 · f7f885c705
commit f7f885c705
parent 5319fbfe56
4 changed files with 36 additions and 26 deletions
--- a/ansible/inventory/runa.yml
+++ b/ansible/inventory/runa.yml
@ -26,6 +26,8 @@ runa:
      elementweb: ""
      matrixdomain: ""
      logout_redirect_url: ""
+      turn_uris: []
+      turn_shared_secret: ""
  children:
    ank:
      hosts:
@ -46,6 +48,20 @@ runa:
          elementweb: "element.corp-serv.net"
          matrixdomain: "corp-serv.net"
          logout_redirect_url: "https://idp.corp-serv.net/realms/MAT/protocol/openid-connect/logout"
+          turn_uris:
+            - turn:turn-1.corp-serv.net?transport=udp
+            - turn:turn-2.corp-serv.net?transport=udp
+            - turn:turn-1.corp-serv.net?transport=tcp
+            - turn:turn-2.corp-serv.net?transport=tcp
+            - turns:turn-1.corp-serv.net?transport=tcp
+            - turns:turn-2.corp-serv.net?transport=tcp
+            - turns:turn-1.corp-serv.net?transport=udp
+            - turns:turn-2.corp-serv.net?transport=udp
+          turn_shared_secret: ihaaCac6Oow3ohzuvequ6esoo9eegheex
+          postgres_user: matrix-synapse
+          postgres_password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
+          postgres_db: matrix-synapse-db
+          postgres_host: postgresql-mtx.lat.internal.ru.com
      hosts:
        mtx-elem-1.lat.internal.ru.com:
          matrix_service: "elementweb"
@ -74,6 +90,16 @@ runa:
          elementweb: "element.lta.corp-serv.net"
          matrixdomain: "lta.corp-serv.net"
          logout_redirect_url: "FIXME"
+          turn_uris:
+            - turn:mtx-turn-1.lta.internal.ru.com?transport=udp
+            - turn:mtx-turn-1.lta.internal.ru.com?transport=tcp
+            - turns:mtx-turn-1.lta.internal.ru.com?transport=tcp
+            - turns:mtx-turn-1.lta.internal.ru.com?transport=udp
+          turn_shared_secret: "ushaHimahxi6eisaeV4Chu0quaeyeish"
+          postgres_user: matrix-synapseTBD
+          postgres_password: "TBD"
+          postgres_db: matrix-synapse-dbTBD
+          postgres_host: TBDpostgresql-mtx.lta.internal.ru.com
      hosts:
        mtx-mngm-1.lta.internal.ru.com:
          matrix_service: "synapse-admin"
--- a/ansible/playbook/service.yaml
+++ b/ansible/playbook/service.yaml
@ -4,24 +4,16 @@
    - name: Add elementweb
      include_role:
        name: elementweb
-      tags:
-        - elementweb
      when: matrix_service == "elementweb"
    - name: Add synapse
      include_role:
        name: synapse
-      tags:
-        - synapse
      when: matrix_service == "synapse"
    - name: Add turn
      include_role:
        name: turn
-      tags:
-        - turn
      when: matrix_service == "turn"
    - name: Add synapse-admin
      include_role:
        name: synapse-admin
-      tags:
-        - synapse-admin
      when: matrix_service == "synapse-admin"
--- a/ansible/roles/synapse/tasks/main.yml
+++ b/ansible/roles/synapse/tasks/main.yml
@ -36,16 +36,13 @@
 - name: Create homeserver configuration
  ansible.builtin.template:
    src: "synapse/homeserver.yaml"
-    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/config/synapse-worker-{{ item }}.yaml
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/config/homeserver.yaml
    owner: "{{ ansible_user }}"
    mode: '0644'
  tags:
    - log
    - synapse
-  loop:
-    - generic
-    - federation
-    - sync
+    - homeserver
 - name: Create worker configurations
  ansible.builtin.template:
    src: "synapse/synapse-worker.yaml"
--- a/ansible/roles/synapse/templates/synapse/homeserver.yaml
+++ b/ansible/roles/synapse/templates/synapse/homeserver.yaml
@ -806,10 +806,10 @@ caches:
 database:
 name: psycopg2
 args:
-   user: matrix-synapse
-   password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
-   database: matrix-synapse-db
-   host: postgresql-mtx.lat.internal.ru.com
+   user: {{ matrix.postgres_user }}
+   password: "{{ matrix.postgres_password }}"
+   database: {{ matrix.postgres_db }}
+   host:  {{ matrix.postgres_host }}
   port: 5432
   cp_min: 5
   cp_max: 10
@ -1189,18 +1189,13 @@ url_preview_accept_language:
 # The public URIs of the TURN server to give to clients
 #
 turn_uris:
-  - turn:turn-1.corp-serv.net?transport=udp
-  - turn:turn-2.corp-serv.net?transport=udp
-  - turn:turn-1.corp-serv.net?transport=tcp
-  - turn:turn-2.corp-serv.net?transport=tcp
-  - turns:turn-1.corp-serv.net?transport=tcp
-  - turns:turn-2.corp-serv.net?transport=tcp
-  - turns:turn-1.corp-serv.net?transport=udp
-  - turns:turn-2.corp-serv.net?transport=udp
+{% for uri in matrix.turn_uris %}
+  - {{ uri }}
+{% endfor %}]

 # The shared secret used to compute passwords for the TURN server
 #
-turn_shared_secret: "ihaaCac6Oow3ohzuvequ6esoo9eegheex"
+turn_shared_secret: "{{ matrix.turn_shared_secret }}"

 # The Username and password if the TURN server needs them and
 # does not use a token