Prefer --mount instead of -v for mounting volumes

This doesn't replace all usage of `-v`, but it's a start. People sometimes troubleshoot by deleting files (especially bridge config files). Restarting Synapse with a missing registration.yaml file for a given bridge, causes the `-v /something/registration.yaml:/something/registration.yaml:ro` option to force-create `/something/registration.yaml` as a directory. When a path that's provided to the `-v` option is missing, Docker auto-creates that path as a directory. This causes more breakage and confusion later on. We'd rather fail, instead of magically creating directories. Using `--mount`, instead of `-v` is the solution to this. From Docker's documentation: > When you use --mount with type=bind, the host-path must refer to an existing path on the host. > The path will not be created for you and the service will fail with an error if the path does not exist.
6 år sedan · 70487061f4
--- a/docs/howto-server-delegation.md
+++ b/docs/howto-server-delegation.md
@@ -89,10 +89,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: /matrix/ssl/
 If your files are not in `/matrix/ssl` but in some other location, you would need to mount them into the container:

 ```yaml
 matrix_nginx_proxy_container_additional_volumes:
  - src: /some/path/on/the/host
    dst: /some/path/inside/the/container
    options: ro
 matrix_synapse_container_extra_arguments:
  - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
 ```

 You then refer to them (for `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate` and `matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key`) by using `/some/path/inside/the/container`.
@@ -118,10 +116,8 @@ Make sure to reload/restart your webserver once in a while, so that newer certif
 To do that, make sure the certificate files are mounted into the Synapse container:

 ```yaml
 matrix_synapse_container_additional_volumes:
  - src: /some/path/on/the/host
    dst: /some/path/inside/the/container
    options: ro
 matrix_synapse_container_extra_arguments:
  - "--mount type-bind,src=/some/path/on/the/host,dst=/some/path/inside/the/container,ro"
 ```

 You can then tell Synapse to serve Federation traffic over TLS on `tcp/8448`:
--- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -61,9 +61,6 @@
    -l discord_bot
  when: "not appservice_discord_registration_file.stat.exists"

 - set_fact:
    matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml'

 - name: Check if a matrix-appservice-discord invite_link file exists
  stat:
    path: "{{ matrix_appservice_discord_base_path }}/invite_link"
@@ -82,12 +79,12 @@

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes|default([]) }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json  }}
      {{ ["/matrix-appservice-discord-registration.yaml"] }}
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -70,20 +70,17 @@
    -l irc_bot
  when: "not appservice_irc_registration_file.stat.exists"

 - set_fact:
    matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml'

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes|default([]) }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json  }}
      {{ ["/matrix-appservice-irc-registration.yaml"] }}

 - name: Ensure IRC configuration directory permissions are correct
  file:
--- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@@ -65,17 +65,14 @@
      python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
  when: "not mautrix_facebook_registration_file_stat.stat.exists"

 - set_fact:
    matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes|default([]) }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_mautrix_facebook_base_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"] }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json  }}
      {{ ["/matrix-mautrix-facebook-registration.yaml"] }}
--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@@ -76,20 +76,17 @@
      python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
  when: "not mautrix_telegram_registration_file_stat.stat.exists"

 - set_fact:
    matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes|default([]) }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_mautrix_telegram_base_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"] }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json  }}
      {{ ["/matrix-mautrix-telegram-registration.yaml"] }}

 - block:
  - name: Fail if matrix-nginx-proxy role already executed
--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@@ -65,17 +65,14 @@
      /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
  when: "not mautrix_whatsapp_registration_file_stat.stat.exists"

 - set_fact:
    matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'

 # If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes|default([]) }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}

    matrix_synapse_app_service_config_files: >
      {{ matrix_synapse_app_service_config_files|default([]) }}
      +
      {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json  }}
      {{ ["/matrix-mautrix-whatsapp-registration.yaml"] }}
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -170,6 +170,11 @@ matrix_synapse_federation_domain_whitelist: ~
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
 #
 # Note: internally, this uses the `-v` flag for mounting the specified volumes.
 # It's better (safer) to use the `--mount` flag for mounting volumes.
 # To use `--mount`, specifiy it in `matrix_synapse_container_extra_arguments`.
 # Example: `matrix_synapse_container_extra_arguments: ['--mount type=bind,src=/outside,dst=/inside,ro']
 matrix_synapse_container_additional_volumes: []

 # A list of additional loggers to register in synapse.log.config.
@@ -179,7 +184,7 @@ matrix_synapse_additional_loggers: []

 # A list of appservice config files (in-container filesystem paths).
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # You may wish to use this together with `matrix_synapse_container_additional_volumes`.
 # You may wish to use this together with `matrix_synapse_container_additional_volumes` or `matrix_synapse_container_extra_arguments`.
 matrix_synapse_app_service_config_files: []

 # This is set dynamically during execution depending on whether
--- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
@@ -1,8 +1,6 @@
 - set_fact:
    matrix_synapse_password_providers_enabled: true
  when: matrix_synapse_ext_password_provider_ldap_enabled|bool

 - set_fact:
    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
--- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml
@@ -17,13 +17,11 @@
 - set_fact:
    matrix_synapse_password_providers_enabled: true

 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }}

 - set_fact:
    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +
--- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
+++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml
@@ -17,13 +17,11 @@
 - set_fact:
    matrix_synapse_password_providers_enabled: true

 - set_fact:
    matrix_synapse_container_additional_volumes: >
      {{ matrix_synapse_container_additional_volumes }}
    matrix_synapse_container_extra_arguments: >
      {{ matrix_synapse_container_extra_arguments|default([]) }}
      +
      {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }}
      {{ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }}

 - set_fact:
    matrix_synapse_additional_loggers: >
      {{ matrix_synapse_additional_loggers }}
      +