matrix-authentication-service: mount Synapse Postgres socket for syn2mas

syn2mas reads Synapse's homeserver.yaml and reuses the database connection details from there. When Synapse is configured to reach the integrated Postgres over a UNIX socket, the temporary syn2mas container was given the config file but not the socket mount, so migrations could fail even though Synapse itself was configured correctly. Wire the Synapse socket settings into MAS via playbook vars and mount the same socket path into the syn2mas container, so migrations work in socket-based deployments without coupling the MAS role directly to Synapse role variables.
1 个月前 · f9811a0e0a
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1153,6 +1153,9 @@ matrix_authentication_service_systemd_wanted_services_list_auto: |
 matrix_authentication_service_syn2mas_container_network: "{{ postgres_container_network if postgres_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname else matrix_authentication_service_container_network }}"

 matrix_authentication_service_syn2mas_synapse_homeserver_config_path: "{{ matrix_synapse_config_dir_path + '/homeserver.yaml' if matrix_synapse_enabled else '' }}"
 matrix_authentication_service_syn2mas_synapse_database_socket_enabled: "{{ matrix_synapse_database_socket_enabled if matrix_synapse_enabled else false }}"
 matrix_authentication_service_syn2mas_synapse_database_socket_path: "{{ matrix_synapse_database_socket_path if matrix_synapse_enabled else '' }}"
 matrix_authentication_service_syn2mas_synapse_database_socket_path_host: "{{ matrix_synapse_database_socket_path_host if matrix_synapse_enabled else '' }}"

 ######################################################################
 #
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@@ -613,6 +613,10 @@ matrix_authentication_service_syn2mas_synapse_homeserver_config_path: ""

 matrix_authentication_service_syn2mas_container_network: "{{ matrix_authentication_service_container_network }}"

 matrix_authentication_service_syn2mas_synapse_database_socket_enabled: false
 matrix_authentication_service_syn2mas_synapse_database_socket_path: ""
 matrix_authentication_service_syn2mas_synapse_database_socket_path_host: ""

 # Additional options passed to the syn2mas sub-command (e.g. `mas-cli syn2mas [OPTIONS] migrate|check`).
 # Also see: `matrix_authentication_service_syn2mas_subcommand_extra_options`
 #
--- a/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
+++ b/roles/custom/matrix-authentication-service/tasks/mas_cli_syn2mas.yml
@@ -71,6 +71,9 @@
      --mount type=bind,src={{ matrix_authentication_service_config_path }}/config.yaml,dst=/config.yaml,ro
      --mount type=bind,src={{ matrix_authentication_service_data_keys_path }},dst=/keys,ro
      --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_homeserver_config_path }},dst=/homeserver.yaml,ro
      {% if matrix_authentication_service_syn2mas_synapse_database_socket_enabled %}
      --mount type=bind,src={{ matrix_authentication_service_syn2mas_synapse_database_socket_path_host }},dst={{ matrix_authentication_service_syn2mas_synapse_database_socket_path }}
      {% endif %}
      {{ matrix_authentication_service_container_image }}
      syn2mas
      --synapse-config=/homeserver.yaml