WIP: MAS in complement
parent
2b620e0a15
commit
4580e12275
6 changed files with 93 additions and 66 deletions
|
@ -1,67 +1,62 @@
|
||||||
# syntax=docker/dockerfile:1
|
# syntax=docker/dockerfile:1
|
||||||
|
|
||||||
ARG SYNAPSE_VERSION=latest
|
ARG SYNAPSE_VERSION=latest
|
||||||
ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION
|
ARG SYNAPSE_IMAGE=docker.io/matrixdotorg/synapse:$SYNAPSE_VERSION
|
||||||
|
|
||||||
# first of all, we create a base image with an nginx which we can copy into the
|
ARG MAS_VERSION=latest
|
||||||
# target image. For repeated rebuilds, this is much faster than apt installing
|
ARG MAS_IMAGE=ghcr.io/matrix-org/matrix-authentication-service:$MAS_VERSION
|
||||||
# each time.
|
|
||||||
|
|
||||||
FROM docker.io/library/debian:bookworm-slim AS deps_base
|
ARG REDIS_VERSION=7.4.0
|
||||||
RUN \
|
ARG REDIS_IMAGE=docker.io/library/redis:$REDIS_VERSION-bookworm
|
||||||
--mount=type=cache,target=/var/cache/apt,sharing=locked \
|
|
||||||
--mount=type=cache,target=/var/lib/apt,sharing=locked \
|
|
||||||
apt-get update -qq && \
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \
|
|
||||||
redis-server nginx-light
|
|
||||||
|
|
||||||
# Similarly, a base to copy the redis server from.
|
ARG NGINX_VERSION=1.26.1
|
||||||
#
|
ARG NGINX_IMAGE=docker.io/library/nginx:$NGINX_VERSION-bookworm
|
||||||
# The redis docker image has fewer dynamic libraries than the debian package,
|
|
||||||
# which makes it much easier to copy (but we need to make sure we use an image
|
FROM $NGINX_IMAGE AS nginx
|
||||||
# based on the same debian version as the synapse image, to make sure we get
|
FROM $REDIS_IMAGE AS redis
|
||||||
# the expected version of libc.
|
FROM $MAS_IMAGE AS mas
|
||||||
FROM docker.io/library/redis:7-bookworm AS redis_base
|
|
||||||
|
|
||||||
# now build the final image, based on the the regular Synapse docker image
|
# now build the final image, based on the the regular Synapse docker image
|
||||||
FROM $FROM
|
FROM $SYNAPSE_IMAGE
|
||||||
|
|
||||||
# Install supervisord with pip instead of apt, to avoid installing a second
|
# Install supervisord with pip instead of apt, to avoid installing a second
|
||||||
# copy of python.
|
# copy of python.
|
||||||
RUN --mount=type=cache,target=/root/.cache/pip \
|
RUN --mount=type=cache,target=/root/.cache/pip \
|
||||||
pip install supervisor~=4.2
|
pip install supervisor~=4.2
|
||||||
RUN mkdir -p /etc/supervisor/conf.d
|
RUN mkdir -p /etc/supervisor/conf.d
|
||||||
|
|
||||||
# Copy over redis and nginx
|
# Copy over redis, nginx and matrix-authentication-service
|
||||||
COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin
|
COPY --from=redis /usr/local/bin/redis-server /usr/local/bin
|
||||||
|
|
||||||
COPY --from=deps_base /usr/sbin/nginx /usr/sbin
|
COPY --from=nginx /usr/sbin/nginx /usr/sbin
|
||||||
COPY --from=deps_base /usr/share/nginx /usr/share/nginx
|
COPY --from=nginx /usr/share/nginx /usr/share/nginx
|
||||||
COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx
|
COPY --from=nginx /usr/lib/nginx /usr/lib/nginx
|
||||||
COPY --from=deps_base /etc/nginx /etc/nginx
|
COPY --from=nginx /etc/nginx /etc/nginx
|
||||||
RUN rm /etc/nginx/sites-enabled/default
|
RUN mkdir /var/log/nginx /var/lib/nginx
|
||||||
RUN mkdir /var/log/nginx /var/lib/nginx
|
RUN chown www-data /var/lib/nginx
|
||||||
RUN chown www-data /var/lib/nginx
|
|
||||||
|
|
||||||
# have nginx log to stderr/out
|
# have nginx log to stderr/out
|
||||||
RUN ln -sf /dev/stdout /var/log/nginx/access.log
|
RUN ln -sf /dev/stdout /var/log/nginx/access.log
|
||||||
RUN ln -sf /dev/stderr /var/log/nginx/error.log
|
RUN ln -sf /dev/stderr /var/log/nginx/error.log
|
||||||
|
|
||||||
# Copy Synapse worker, nginx and supervisord configuration template files
|
COPY --from=mas /usr/local/bin/mas-cli /usr/local/bin
|
||||||
COPY ./docker/conf-workers/* /conf/
|
COPY --from=mas /usr/local/share/mas-cli /usr/local/share
|
||||||
|
|
||||||
# Copy a script to prefix log lines with the supervisor program name
|
# Copy Synapse worker, nginx and supervisord configuration template files
|
||||||
COPY ./docker/prefix-log /usr/local/bin/
|
COPY ./docker/conf-workers/* /conf/
|
||||||
|
|
||||||
# Expose nginx listener port
|
# Copy a script to prefix log lines with the supervisor program name
|
||||||
EXPOSE 8080/tcp
|
COPY ./docker/prefix-log /usr/local/bin/
|
||||||
|
|
||||||
# A script to read environment variables and create the necessary
|
# Expose nginx listener port
|
||||||
# files to run the desired worker configuration. Will start supervisord.
|
EXPOSE 8080/tcp
|
||||||
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
|
|
||||||
ENTRYPOINT ["/configure_workers_and_start.py"]
|
|
||||||
|
|
||||||
# Replace the healthcheck with one which checks *all* the workers. The script
|
# A script to read environment variables and create the necessary
|
||||||
# is generated by configure_workers_and_start.py.
|
# files to run the desired worker configuration. Will start supervisord.
|
||||||
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
|
COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py
|
||||||
CMD /bin/sh /healthcheck.sh
|
ENTRYPOINT ["/configure_workers_and_start.py"]
|
||||||
|
|
||||||
|
# Replace the healthcheck with one which checks *all* the workers. The script
|
||||||
|
# is generated by configure_workers_and_start.py.
|
||||||
|
HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
|
||||||
|
CMD /bin/sh /healthcheck.sh
|
||||||
|
|
|
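Review bot: `ARG MAS_VERSION=latest` leaves the new `FROM $MAS_IMAGE AS mas` stage on a floating tag, while the Redis and nginx stages added alongside it are pinned to 7.4.0 and 1.26.1, so the `mas-cli` binary copied into the final image can change between builds without any change in this repository. Pin it to a release tag, ideally with a digest, e.g. `ARG MAS_VERSION=<release-tag>`. Separately, `COPY --from=mas /usr/local/share/mas-cli /usr/local/share` copies the directory's contents into `/usr/local/share` rather than creating `/usr/local/share/mas-cli`; the nginx lines name the full destination and this one probably should too: `COPY --from=mas /usr/local/share/mas-cli /usr/local/share/mas-cli`. The removed `RUN rm /etc/nginx/sites-enabled/default` has no replacement, so it is worth checking whether the `/etc/nginx` tree copied from the upstream nginx image ships a default server block that would now stay enabled.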
@ -6,11 +6,17 @@
|
||||||
# Instructions for building this image from those it depends on is detailed in this guide:
|
# Instructions for building this image from those it depends on is detailed in this guide:
|
||||||
# https://github.com/element-hq/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse
|
# https://github.com/element-hq/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse
|
||||||
|
|
||||||
ARG SYNAPSE_VERSION=latest
|
|
||||||
# This is an intermediate image, to be built locally (not pulled from a registry).
|
# This is an intermediate image, to be built locally (not pulled from a registry).
|
||||||
ARG FROM=matrixdotorg/synapse-workers:$SYNAPSE_VERSION
|
ARG SYNAPSE_WORKERS_IMAGE=synapse-workers
|
||||||
|
|
||||||
|
ARG POSTGRES_VERSION=13
|
||||||
|
ARG POSTGRES_IMAGE=docker.io/library/postgres:$POSTGRES_VERSION-bookworm
|
||||||
|
|
||||||
|
# Save the Postgres image for later
|
||||||
|
FROM $POSTGRES_IMAGE AS postgres
|
||||||
|
|
||||||
|
FROM $SYNAPSE_WORKERS_IMAGE
|
||||||
|
|
||||||
FROM $FROM
|
|
||||||
# First of all, we copy postgres server from the official postgres image,
|
# First of all, we copy postgres server from the official postgres image,
|
||||||
# since for repeated rebuilds, this is much faster than apt installing
|
# since for repeated rebuilds, this is much faster than apt installing
|
||||||
# postgres each time.
|
# postgres each time.
|
||||||
|
@ -20,8 +26,8 @@ FROM $FROM
|
||||||
# the same debian version as Synapse's docker image (so the versions of the
|
# the same debian version as Synapse's docker image (so the versions of the
|
||||||
# shared libraries match).
|
# shared libraries match).
|
||||||
RUN adduser --system --uid 999 postgres --home /var/lib/postgresql
|
RUN adduser --system --uid 999 postgres --home /var/lib/postgresql
|
||||||
COPY --from=docker.io/library/postgres:13-bookworm /usr/lib/postgresql /usr/lib/postgresql
|
COPY --from=postgres /usr/lib/postgresql /usr/lib/postgresql
|
||||||
COPY --from=docker.io/library/postgres:13-bookworm /usr/share/postgresql /usr/share/postgresql
|
COPY --from=postgres /usr/share/postgresql /usr/share/postgresql
|
||||||
RUN mkdir /var/run/postgresql && chown postgres /var/run/postgresql
|
RUN mkdir /var/run/postgresql && chown postgres /var/run/postgresql
|
||||||
ENV PATH="${PATH}:/usr/lib/postgresql/13/bin"
|
ENV PATH="${PATH}:/usr/lib/postgresql/13/bin"
|
||||||
ENV PGDATA=/var/lib/postgresql/data
|
ENV PGDATA=/var/lib/postgresql/data
|
||||||
|
@ -29,9 +35,10 @@ ENV PGDATA=/var/lib/postgresql/data
|
||||||
# We also initialize the database at build time, rather than runtime, so that it's faster to spin up the image.
|
# We also initialize the database at build time, rather than runtime, so that it's faster to spin up the image.
|
||||||
RUN gosu postgres initdb --locale=C --encoding=UTF-8 --auth-host password
|
RUN gosu postgres initdb --locale=C --encoding=UTF-8 --auth-host password
|
||||||
|
|
||||||
# Configure a password and create a database for Synapse
|
# Configure a password and create a database for Synapse and MAS
|
||||||
RUN echo "ALTER USER postgres PASSWORD 'somesecret'" | gosu postgres postgres --single
|
RUN echo "ALTER USER postgres PASSWORD 'somesecret'" | gosu postgres postgres --single
|
||||||
RUN echo "CREATE DATABASE synapse" | gosu postgres postgres --single
|
RUN echo "CREATE DATABASE synapse" | gosu postgres postgres --single
|
||||||
|
RUN echo "CREATE DATABASE mas" | gosu postgres postgres --single
|
||||||
|
|
||||||
# Extend the shared homeserver config to disable rate-limiting,
|
# Extend the shared homeserver config to disable rate-limiting,
|
||||||
# set Complement's static shared secret, enable registration, amongst other
|
# set Complement's static shared secret, enable registration, amongst other
|
||||||
|
|
|
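Review bot: `POSTGRES_VERSION` now selects the image, but `ENV PATH="${PATH}:/usr/lib/postgresql/13/bin"` still hard-codes 13, so building with any other value copies binaries that are not on PATH and the later `initdb` step would be expected to fail. An `ARG` declared before the first `FROM` is only visible in `FROM` lines, so redeclare it in the final stage: `ARG POSTGRES_VERSION` followed by `ENV PATH="${PATH}:/usr/lib/postgresql/${POSTGRES_VERSION}/bin"`. The new `mas` database is also reachable through the `postgres` superuser whose password `somesecret` is written into an image layer; a comment next to `CREATE DATABASE mas` stating that this image is for Complement test runs only would keep it from being reused elsewhere.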
@ -20,4 +20,15 @@ app_service_config_files:
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
{% if enable_mas %}
|
||||||
|
experimental_features:
|
||||||
|
msc3861:
|
||||||
|
enabled: true
|
||||||
|
issuer: "http://localhost:8008/"
|
||||||
|
client_id: "0000000000000000000SYNAPSE"
|
||||||
|
client_auth_method: client_secret_basic
|
||||||
|
client_secret: choozia3ThiefahZaofeiveish1kahr0
|
||||||
|
admin_token: eeShoo4ceebae4Lo4Che1hoofoophaiz
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{{ shared_worker_config }}
|
{{ shared_worker_config }}
|
||||||
|
|
|
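Review bot: `client_secret` and `admin_token` under `msc3861` are literal values in a template, so anyone who can read the repository knows them and any image that renders this block with `enable_mas` true will accept them. Pass them in as template variables instead, e.g. `client_secret: "{{ mas_client_secret }}"` and `admin_token: "{{ mas_admin_token }}"` (names illustrative), with the values generated or read from the environment by the start-up script. At minimum add a comment above the block such as `# Static test-only credentials; must match /conf/mas.yaml`. The `issuer` is likewise fixed to `http://localhost:8008/`, so confirm that this is the address MAS will be served on inside the container rather than Synapse's own listener.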
@ -35,3 +35,12 @@ autorestart=true
|
||||||
# Redis can be disabled if the image is being used without workers
|
# Redis can be disabled if the image is being used without workers
|
||||||
autostart={{ enable_redis }}
|
autostart={{ enable_redis }}
|
||||||
|
|
||||||
|
[program:mas]
|
||||||
|
comamnd=/usr/local/bin/prefix-log /usr/local/bin/mas-cli --config /conf/mas.yaml
|
||||||
|
stdout_logfile=/dev/stdout
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
stderr_logfile=/dev/stderr
|
||||||
|
stderr_logfile_maxbytes=0
|
||||||
|
autorestart=unexpected
|
||||||
|
|
||||||
|
autostart={{ enable_mas }}
|
||||||
|
|
|
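Review bot: The key in the new `[program:mas]` section is spelled `comamnd`, so the section has no `command` and supervisord is expected to reject the configuration at start-up, even while `autostart` renders as false. It should read `command=/usr/local/bin/prefix-log /usr/local/bin/mas-cli --config /conf/mas.yaml`. No hunk visible on this page creates `/conf/mas.yaml`, so that file would also need to be generated before the program can be enabled.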
@ -959,6 +959,7 @@ def generate_worker_files(
|
||||||
shared_worker_config=yaml.dump(shared_config),
|
shared_worker_config=yaml.dump(shared_config),
|
||||||
appservice_registrations=appservice_registrations,
|
appservice_registrations=appservice_registrations,
|
||||||
enable_redis=workers_in_use,
|
enable_redis=workers_in_use,
|
||||||
|
enable_mas=False,
|
||||||
workers_in_use=workers_in_use,
|
workers_in_use=workers_in_use,
|
||||||
using_unix_sockets=using_unix_sockets,
|
using_unix_sockets=using_unix_sockets,
|
||||||
)
|
)
|
||||||
|
@ -981,6 +982,7 @@ def generate_worker_files(
|
||||||
"/etc/supervisor/supervisord.conf",
|
"/etc/supervisor/supervisord.conf",
|
||||||
main_config_path=config_path,
|
main_config_path=config_path,
|
||||||
enable_redis=workers_in_use,
|
enable_redis=workers_in_use,
|
||||||
|
enable_mas=False,
|
||||||
using_unix_sockets=using_unix_sockets,
|
using_unix_sockets=using_unix_sockets,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
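Review bot: `enable_mas=False` is passed as a literal at both call sites in `generate_worker_files`, so the `{% if enable_mas %}` block and the `[program:mas]` autostart can never be switched on, and the two values can drift apart once one of them is changed. Compute it once in a local, e.g. `enable_mas = False  # TODO: derive from configuration`, and pass `enable_mas=enable_mas` to both calls. Both calls begin outside the hunks shown, so which templates they render is inferred from the surrounding keyword arguments.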
@ -167,11 +167,11 @@ if [ -z "$skip_docker_build" ]; then
|
||||||
-f "docker/editable.Dockerfile" .
|
-f "docker/editable.Dockerfile" .
|
||||||
|
|
||||||
$CONTAINER_RUNTIME build -t synapse-workers-editable \
|
$CONTAINER_RUNTIME build -t synapse-workers-editable \
|
||||||
--build-arg FROM=synapse-editable \
|
--build-arg SYNAPSE_IMAGE=synapse-editable \
|
||||||
-f "docker/Dockerfile-workers" .
|
-f "docker/Dockerfile-workers" .
|
||||||
|
|
||||||
$CONTAINER_RUNTIME build -t complement-synapse-editable \
|
$CONTAINER_RUNTIME build -t complement-synapse-editable \
|
||||||
--build-arg FROM=synapse-workers-editable \
|
--build-arg SUNAPSE_WORKERS_IMAGE=synapse-workers-editable \
|
||||||
-f "docker/complement/Dockerfile" "docker/complement"
|
-f "docker/complement/Dockerfile" "docker/complement"
|
||||||
|
|
||||||
# Prepare the Rust module
|
# Prepare the Rust module
|
||||||
|
@ -180,21 +180,24 @@ if [ -z "$skip_docker_build" ]; then
|
||||||
else
|
else
|
||||||
|
|
||||||
# Build the base Synapse image from the local checkout
|
# Build the base Synapse image from the local checkout
|
||||||
echo_if_github "::group::Build Docker image: matrixdotorg/synapse"
|
echo_if_github "::group::Build Docker image: synapse"
|
||||||
$CONTAINER_RUNTIME build -t matrixdotorg/synapse \
|
$CONTAINER_RUNTIME build -t synapse \
|
||||||
--build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
|
--build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
|
||||||
--build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
|
--build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
|
||||||
-f "docker/Dockerfile" .
|
-f "docker/Dockerfile" .
|
||||||
echo_if_github "::endgroup::"
|
echo_if_github "::endgroup::"
|
||||||
|
|
||||||
# Build the workers docker image (from the base Synapse image we just built).
|
# Build the workers docker image (from the base Synapse image we just built).
|
||||||
echo_if_github "::group::Build Docker image: matrixdotorg/synapse-workers"
|
echo_if_github "::group::Build Docker image: synapse-workers"
|
||||||
$CONTAINER_RUNTIME build -t matrixdotorg/synapse-workers -f "docker/Dockerfile-workers" .
|
$CONTAINER_RUNTIME build -t synapse-workers \
|
||||||
|
--build-arg SYNAPSE_IMAGE=synapse \
|
||||||
|
-f "docker/Dockerfile-workers" .
|
||||||
echo_if_github "::endgroup::"
|
echo_if_github "::endgroup::"
|
||||||
|
|
||||||
# Build the unified Complement image (from the worker Synapse image we just built).
|
# Build the unified Complement image (from the worker Synapse image we just built).
|
||||||
echo_if_github "::group::Build Docker image: complement/Dockerfile"
|
echo_if_github "::group::Build Docker image: complement-synapse"
|
||||||
$CONTAINER_RUNTIME build -t complement-synapse \
|
$CONTAINER_RUNTIME build -t complement-synapse \
|
||||||
|
--build-arg SYNAPSE_WORKERS_IMAGE=synapse-workers \
|
||||||
-f "docker/complement/Dockerfile" "docker/complement"
|
-f "docker/complement/Dockerfile" "docker/complement"
|
||||||
echo_if_github "::endgroup::"
|
echo_if_github "::endgroup::"
|
||||||
|
|
||||||
|
|
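Review bot: The editable Complement build passes `--build-arg SUNAPSE_WORKERS_IMAGE=synapse-workers-editable`, which misspells the `SYNAPSE_WORKERS_IMAGE` argument the Complement Dockerfile now declares. The misspelt argument is not consumed, so the build falls back to the default `synapse-workers` base, and the editable image is either built on the wrong parent or fails when that tag is absent. It should be `--build-arg SYNAPSE_WORKERS_IMAGE=synapse-workers-editable \`. The non-editable branch further down spells it correctly.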