Преглед изворни кода
matrix-synapse: make managed service topology explicit
create-pull-request/i18n
Slavi Pantaleev
пре 1 дан
2 измењених фајлова са 28 додато и 15 уклоњено
Један поглед
Diff Options
+ 20
- 15
group_vars/matrix_servers
Прегледај датотеку
| @@ -4007,7 +4007,7 @@ postgres_managed_databases_auto: | | |||||
| 'name': matrix_synapse_database_database, | 'name': matrix_synapse_database_database, | ||||
| 'username': matrix_synapse_database_user, | 'username': matrix_synapse_database_user, | ||||
| 'password': matrix_synapse_database_password, | 'password': matrix_synapse_database_password, | ||||
| }] if (matrix_synapse_enabled and matrix_synapse_database_host == postgres_connection_hostname) else []) | |||||
| }] if (matrix_synapse_enabled and matrix_playbook_synapse_uses_managed_postgres) else []) | |||||
| + | + | ||||
| ([{ | ([{ | ||||
| 'name': matrix_dendrite_federation_api_database, | 'name': matrix_dendrite_federation_api_database, | ||||
| @@ -4755,9 +4755,9 @@ matrix_synapse_container_additional_networks_auto: | | |||||
| ( | ( | ||||
| ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) | ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else []) | ||||
| + | + | ||||
| ([postgres_container_network] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else []) | |||||
| ([postgres_container_network] if (matrix_playbook_synapse_uses_managed_postgres and postgres_container_network != matrix_synapse_container_network) else []) | |||||
| + | + | ||||
| ([valkey_container_network] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else []) | |||||
| ([valkey_container_network] if matrix_playbook_synapse_uses_managed_valkey else []) | |||||
| + | + | ||||
| ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) | ([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else []) | ||||
| + | + | ||||
| @@ -4794,18 +4794,23 @@ matrix_synapse_container_labels_public_metrics_middleware_basic_auth_users: "{{ | |||||
| matrix_synapse_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" | matrix_synapse_container_labels_internal_client_api_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}" | ||||
| matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" | matrix_synapse_container_labels_internal_client_api_traefik_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}" | ||||
| # Playbook-level Synapse topology wiring helpers. | |||||
| matrix_playbook_synapse_uses_managed_postgres: "{{ postgres_enabled }}" | |||||
| matrix_playbook_synapse_uses_managed_valkey: "{{ matrix_synapse_redis_enabled and valkey_enabled }}" | |||||
| matrix_playbook_synapse_auto_compressor_uses_managed_postgres: "{{ matrix_playbook_synapse_uses_managed_postgres and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host }}" | |||||
| # For exposing the Synapse worker (and metrics) ports to the local host. | # For exposing the Synapse worker (and metrics) ports to the local host. | ||||
| matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}" | matrix_synapse_workers_container_host_bind_address: "{{ matrix_playbook_service_host_bind_interface_prefix[0:-1] if (matrix_synapse_workers_enabled and matrix_playbook_service_host_bind_interface_prefix) else '' }}" | ||||
| matrix_synapse_database_host: "{{ postgres_connection_hostname if postgres_enabled else '' }}" | |||||
| matrix_synapse_database_host: "{{ postgres_connection_hostname if matrix_playbook_synapse_uses_managed_postgres else '' }}" | |||||
| matrix_synapse_database_password: "{{ (matrix_homeserver_generic_secret_key + ':synapse.db') | hash('sha512') | to_uuid }}" | matrix_synapse_database_password: "{{ (matrix_homeserver_generic_secret_key + ':synapse.db') | hash('sha512') | to_uuid }}" | ||||
| # unix socket connection, disabled by default temporarily until properly tested | # unix socket connection, disabled by default temporarily until properly tested | ||||
| matrix_synapse_database_socket_enabled: false | matrix_synapse_database_socket_enabled: false | ||||
| # path to the Postgres socket's parent dir inside the Synapse container | # path to the Postgres socket's parent dir inside the Synapse container | ||||
| matrix_synapse_database_socket_path: "{{ '/tmp/postgres' if postgres_enabled else '' }}" | |||||
| matrix_synapse_database_socket_path: "{{ '/tmp/postgres' if matrix_playbook_synapse_uses_managed_postgres else '' }}" | |||||
| # path to the Postgres socket on the host, using Postgres | # path to the Postgres socket on the host, using Postgres | ||||
| matrix_synapse_database_socket_path_host: "{{ postgres_run_path if postgres_enabled else '' }}" | |||||
| matrix_synapse_database_socket_path_host: "{{ postgres_run_path if matrix_playbook_synapse_uses_managed_postgres else '' }}" | |||||
| matrix_synapse_macaroon_secret_key: "{{ (matrix_homeserver_generic_secret_key + ':synapse.mac') | hash('sha512') | to_uuid }}" | matrix_synapse_macaroon_secret_key: "{{ (matrix_homeserver_generic_secret_key + ':synapse.mac') | hash('sha512') | to_uuid }}" | ||||
| @@ -4837,9 +4842,9 @@ matrix_synapse_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled | |||||
| matrix_synapse_systemd_required_services_list_auto: | | matrix_synapse_systemd_required_services_list_auto: | | ||||
| {{ | {{ | ||||
| ([postgres_identifier ~ '.service'] if (postgres_enabled and postgres_container_network != matrix_synapse_container_network and matrix_synapse_database_host == postgres_connection_hostname) else []) | |||||
| ([postgres_identifier ~ '.service'] if (matrix_playbook_synapse_uses_managed_postgres and postgres_container_network != matrix_synapse_container_network) else []) | |||||
| + | + | ||||
| ([valkey_identifier ~ '.service'] if matrix_synapse_redis_enabled and matrix_synapse_redis_host == valkey_identifier else []) | |||||
| ([valkey_identifier ~ '.service'] if matrix_playbook_synapse_uses_managed_valkey else []) | |||||
| + | + | ||||
| (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) | (['matrix-goofys.service'] if matrix_s3_media_store_enabled else []) | ||||
| + | + | ||||
| @@ -4855,17 +4860,17 @@ matrix_synapse_systemd_wanted_services_list_auto: | | |||||
| # Synapse workers (used for parallel load-scaling) need Redis for IPC. | # Synapse workers (used for parallel load-scaling) need Redis for IPC. | ||||
| matrix_synapse_redis_enabled: "{{ valkey_enabled }}" | matrix_synapse_redis_enabled: "{{ valkey_enabled }}" | ||||
| matrix_synapse_redis_host: "{{ valkey_identifier if valkey_enabled else '' }}" | |||||
| matrix_synapse_redis_password: "{{ valkey_connection_password if valkey_enabled else '' }}" | |||||
| matrix_synapse_redis_host: "{{ valkey_identifier if matrix_playbook_synapse_uses_managed_valkey else '' }}" | |||||
| matrix_synapse_redis_password: "{{ valkey_connection_password if matrix_playbook_synapse_uses_managed_valkey else '' }}" | |||||
| # unix socket connection, disabled by default temporarily until properly tested | # unix socket connection, disabled by default temporarily until properly tested | ||||
| matrix_synapse_redis_path_enabled: false | matrix_synapse_redis_path_enabled: false | ||||
| # path to the Redis socket's parent dir inside the Synapse container | # path to the Redis socket's parent dir inside the Synapse container | ||||
| matrix_synapse_redis_path: "{{ '/tmp/valkey' if valkey_enabled else '' }}" | |||||
| matrix_synapse_redis_path: "{{ '/tmp/valkey' if matrix_playbook_synapse_uses_managed_valkey else '' }}" | |||||
| # redis socket filename | # redis socket filename | ||||
| matrix_synapse_redis_path_socket: "{{ '/valkey.sock' if valkey_enabled else '' }}" | |||||
| matrix_synapse_redis_path_socket: "{{ '/valkey.sock' if matrix_playbook_synapse_uses_managed_valkey else '' }}" | |||||
| # path to the Redis socket on the host, using Valkey | # path to the Redis socket on the host, using Valkey | ||||
| matrix_synapse_redis_path_host: "{{ valkey_run_path if valkey_enabled else '' }}" | |||||
| matrix_synapse_redis_path_host: "{{ valkey_run_path if matrix_playbook_synapse_uses_managed_valkey else '' }}" | |||||
| matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" | matrix_synapse_container_extra_arguments_auto: "{{ matrix_homeserver_container_extra_arguments_auto }}" | ||||
| matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" | matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_config_files_auto }}" | ||||
| @@ -4961,7 +4966,7 @@ matrix_synapse_auto_compressor_container_image_registry_prefix_upstream: "{{ mat | |||||
| matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" | matrix_synapse_auto_compressor_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" | ||||
| matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if (postgres_enabled and matrix_synapse_auto_compressor_database_hostname == matrix_synapse_database_host and matrix_synapse_database_host == postgres_connection_hostname) else 'matrix-synapse-auto-compressor') }}" | |||||
| matrix_synapse_auto_compressor_container_network: "{{ (postgres_container_network if matrix_playbook_synapse_auto_compressor_uses_managed_postgres else 'matrix-synapse-auto-compressor') }}" | |||||
| matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}" | matrix_synapse_auto_compressor_database_username: "{{ matrix_synapse_database_user if matrix_synapse_enabled else '' }}" | ||||
| matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}" | matrix_synapse_auto_compressor_database_password: "{{ matrix_synapse_database_password if matrix_synapse_enabled else '' }}" | ||||
| @@ -4971,7 +4976,7 @@ matrix_synapse_auto_compressor_database_name: "{{ matrix_synapse_database_databa | |||||
| matrix_synapse_auto_compressor_systemd_required_services_list_auto: | | matrix_synapse_auto_compressor_systemd_required_services_list_auto: | | ||||
| {{ | {{ | ||||
| ([postgres_identifier ~ '.service'] if (matrix_synapse_auto_compressor_container_network == postgres_container_network) else []) | |||||
| ([postgres_identifier ~ '.service'] if matrix_playbook_synapse_auto_compressor_uses_managed_postgres else []) | |||||
| }} | }} | ||||
| ###################################################################### | ###################################################################### | ||||
+ 8
- 0
roles/custom/matrix-base/defaults/main.yml
Прегледај датотеку
| @@ -246,6 +246,14 @@ matrix_integration_manager_ui_url: ~ | |||||
| matrix_homeserver_container_extra_arguments_auto: [] | matrix_homeserver_container_extra_arguments_auto: [] | ||||
| matrix_homeserver_app_service_config_files_auto: [] | matrix_homeserver_app_service_config_files_auto: [] | ||||
| # These playbook-level helpers describe which managed services Synapse should be wired to. | |||||
| # They are meant for orchestration concerns like container networking and systemd ordering, | |||||
| # while `matrix_synapse_*` variables stay focused on actual connection parameters. | |||||
| # These likely get overridden elsewhere. | |||||
| matrix_playbook_synapse_uses_managed_postgres: false | |||||
| matrix_playbook_synapse_uses_managed_valkey: false | |||||
| matrix_playbook_synapse_auto_compressor_uses_managed_postgres: false | |||||
| # Controls whether various services should expose metrics publicly. | # Controls whether various services should expose metrics publicly. | ||||
| # If Prometheus is operating on the same machine, exposing metrics publicly is not necessary. | # If Prometheus is operating on the same machine, exposing metrics publicly is not necessary. | ||||
| matrix_metrics_exposure_enabled: false | matrix_metrics_exposure_enabled: false | ||||